Re: [Openca-Users] emailAddress in DN

Tue, 29 Oct 2002 10:13:50 -0800 

Mauricio Rojas (ISC) wrote:


I am using CP Directory Server v4.1. This LDAP server is very hard in X.500
schema.
But, It's very stable. This LDAP Directory work with Entrust solutions in
100% (plug and play)
but the schema requirements from entrust are very different to openca.
Entrust uses several additional entrys for there automatic functions. I think CP is the old Peer Logic and we tested Entrust with this directory (v3.6). The server on Unix was stable but the management client on NT was not acceptable for a production environment. Entrust recommended us Siemens DirX.

Our basic schemas should match with the Entrust ones. We simply don't need there additional specifications :)

When load the CA certificate in the LDAP, I am using a DN like: "cn=CA
name,o=Acme,c=CL"
but, when I load the CRL to this certificate, the ldap library function use
a DN like: [EMAIL PROTECTED],cn=CA name,o=Acme,c=CL
and the ldap functions return an error message that mean this can not find
the CA certificate object.

Yes, my CA cert include the emailAddress.
So what are you doing? If your CA-cert includes the emailAddress how do you write the cert to the DN "cn=CA name,o=Acme,c=CL"? If you use the configuration parameter LDAP_CA_DN then you must specify the parameter LDAP_CRL_Issuer too.

Thanks, I 'll try to modify the openssl config file.
could That modification bring me problems in the future???

No, if you only add the subjectAltName for the CA-cert.


Do you have any document with the openca schema description to define
certificate objects and the application over Internet???
Do you mean the LDAP-schemas which we use? The easiest way is to look into ldap-utils.lib (sub addLDAPobject).

Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to