Hi Dave,

LDAP can be tricky, especially because if the DNs are not precise, you will not find what you are looking for. You might want to use one of the LDAP browsers (some time ago Mozilla had one built in... now I don't think Firefox supports ldap:// URLs anymore...). If you can find it for your system, I usually use 'gq' - the last version I checked was from 2006. The URL on the 'About' is this:

http://www.gq-project.org/

but that points just to an empty page... a very simple Google search gave me back this:

http://linux.softpedia.com/get/Utilities/GQ-LDAP-Client-11212.shtml

There are many others out there (most of them are Java, though...).

Also, another thing: check that the certificate CDP (CRL Distribution Point) is correct.

Another possibility is to download the new LibPKI - there is a tool there that allows you to download data from different URLs, and in particular from LDAP by using something like:

    $ url-tool "ldap://ldap.dartmouth.edu:389/cn=Dartmouth CertAuth1, o=Dartmouth College, C=US, dc=dartmouth, dc=edu?cACertificate;binary"

You can find the libpki here:

http://ftp.openca.org/libpki/releases/

The version 0.4.0 is on its way...

Later,
Max

On 11/13/2009 09:41 AM, blain...@gdls.com wrote:
Hi all,

Unlike most folks, I was able to publish my certificates and CRLs in LDAP using OpenCA 1.0.2. My problem is with checking for it in LDAP. Using PKIVIEW in Windows, it mentions that it is "Unable to download" the CRL from the LDAP CDP. It reports "OK" for the http one.

I used an ldap search command to check the existence of the CRL in LDAP and that it was not expired. Here is the command I used:

    ./ldapsearch -x -h host -b "cn=Root CA,ou=Trustcenter,dc=domain,dc=com" certificateRevocationList

I am also able to use IE to at least contact the LDAP server via this method (unsure how to download CRL using this method):

    ldap://host/cn=Root CA,ou=Trustcenter,dc=domain,dc=com

Any help appreciated!!!!

Dave
--
Best Regards,

Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]
ope...@acm.org
project.mana...@openca.org

Dartmouth Computer Science Dept    Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory               Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us who do.
-- Isaac Asimov
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
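Added example, not part of either message and not OpenCA or LibPKI code: a small linter for the "check that the CDP is correct" advice above, which splits an LDAP CDP URL along the RFC 4516 layout, compares its DN with the entry the CRL was published to, and builds the matching ldapsearch call. The function names are hypothetical, the DN comparison is simplified (case-insensitive, no escaped commas), and the sample URL is constructed from the placeholder host and DN in the question.

```python
import shlex
from urllib.parse import urlsplit, unquote

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_ldap_url(url):
    """Split ldap://host:port/dn?attributes?scope?filter into its fields."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        raise ValueError("not an LDAP URL: " + url)
    fields = parts.query.split("?") + ["", "", ""]
    return {
        "scheme": parts.scheme,
        "host": parts.hostname or "",
        "port": parts.port or DEFAULT_PORT[parts.scheme],
        "dn": unquote(parts.path.lstrip("/")),
        "attrs": [a for a in unquote(fields[0]).split(",") if a],
        "scope": fields[1] or "base",                        # RFC 4516 default
        "filter": unquote(fields[2]) or "(objectClass=*)",   # RFC 4516 default
    }

def normalize_dn(dn):
    """Trim and lower-case each RDN (assumption: case-insensitive values, no escaped commas)."""
    pairs = (rdn.partition("=") for rdn in dn.split(","))
    return [(a.strip().lower(), " ".join(v.split()).lower()) for a, _, v in pairs]

def check_cdp(url, published_dn, attribute="certificateRevocationList"):
    """Return the problems that would keep a client from fetching the CRL."""
    u, problems = parse_ldap_url(url), []
    if not u["host"]:
        problems.append("no host in URL; the client must pick a server itself")
    if normalize_dn(u["dn"]) != normalize_dn(published_dn):
        problems.append("DN %r is not the entry the CRL was published to" % u["dn"])
    named = [a.split(";")[0].lower() for a in u["attrs"]]
    if attribute.lower() not in named:
        problems.append("URL does not request the %s attribute" % attribute)
    return problems

def ldapsearch_command(url):
    """Build the ldapsearch call that asks for exactly what the URL asks for."""
    u = parse_ldap_url(url)
    server = "%s://%s:%d" % (u["scheme"], u["host"], u["port"])
    return ["ldapsearch", "-x", "-H", server, "-b", u["dn"],
            "-s", u["scope"], u["filter"]] + u["attrs"]

if __name__ == "__main__":  # constructed sample input below
    cdp = "ldap://host/cn=Root CA,ou=Trustcenter,dc=domain,dc=com?certificateRevocationList;binary"
    print(check_cdp(cdp, "cn=Root CA,ou=Trustcenter,dc=domain,dc=com") or "CDP looks consistent")
    print(shlex.join(ldapsearch_command(cdp)))
```

Run against the bare `ldap://host/cn=Root CA,...` form from the question, `check_cdp` reports that no attribute is requested: that URL names the entry only, while the `?certificateRevocationList;binary` suffix selects the CRL itself.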