Mohammad D wrote:
> Hi all
> I want to start LDAP service for publishing CRLs and Certificates for
> a Certificate Authority.
> I am new to ldap and I have not yet found any good references to
> guide me how to use ldap for these purposes.
> so I started playing around with Verisign's directory to get some
> ideas: according to VeriSign's knowledge base (
> https://knowledge.verisign.com/support/mpki-support/index?page=content&id=SO2121&actp=search&viewlocale=en_US&searchid=1305455725926) the
> script *
> ldapsearch -h directory.verisign.com -b "cn=<common name>,o=<Org Name>" "(o=*)" "certificaterevocationlist"
> *should return the CRL.

If a pubkey and/or a CRL is stored ;-)

I am only a poor man :-) and do not have a verisign cert. From my Firefox
browser's cert cache there is only one verisign cert, but w/o crl :-( .
I assume that this cert is no longer stored at verisign.

"cn" and "o" are from the old public key of "KAPLAN INC". A company which
is totally unknown to me. I believe they have changed their CA.

ldapsearch -x -h directory.verisign.com -b "cn=www.selftestsoftware.com,o=KAPLAN INC" "o=KAPLAN INC" "certificaterevocationlist"
# extended LDIF
#
# LDAPv3
# base <cn=www.selftestsoftware.com,o=KAPLAN INC> with scope subtree
# filter: o=KAPLAN INC
# requesting: certificaterevocationlist
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

--
Harry Jede
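
Added example, not part of the original message: a Python parser for ldapsearch LDIF output like the one above, which separates the LDAP result code (32 here) from any CRL value returned. The `certificateRevocationList;binary` hit, its DN and the placeholder bytes are constructed sample data, and `parse_ldapsearch` is a hypothetical helper name.

```python
import base64

# Constructed sample: the failed search quoted in the reply above (header comments trimmed).
NO_SUCH_OBJECT = """\
# requesting: certificaterevocationlist
#
# search result
search: 2
result: 32 No such object

# numResponses: 1
"""

# Constructed sample: a hit, with placeholder bytes instead of a real DER CRL.
FAKE_CRL = b"placeholder bytes, not a real DER-encoded CRL"
_b64 = base64.b64encode(FAKE_CRL).decode()
FOUND = (
    "dn: cn=Example CA,o=Example Org\n"
    "certificateRevocationList;binary:: " + _b64[:20] + "\n"
    " " + _b64[20:] + "\n"  # folded continuation line
    "\n# search result\nsearch: 2\nresult: 0 Success\n"
)


def parse_ldapsearch(text):
    """Return (result_code, result_text, crl_bytes_or_None) from ldapsearch LDIF output."""
    # Unfold LDIF continuation lines: a leading space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    code, message, crl = None, "", None
    for line in lines:
        if line.startswith("#") or not line:
            continue  # skip LDIF comments and entry separators
        name, _, value = line.partition(":")
        base_name = name.split(";")[0].lower()  # drop options such as ";binary"
        if base_name == "result":
            num, _, message = value.strip().partition(" ")
            code = int(num)
        elif base_name == "certificaterevocationlist" and value.startswith(":"):
            crl = base64.b64decode(value[1:].strip())  # "::" marks a base64 value
    return code, message, crl
```

A result code of 32 with no CRL means the search base itself does not exist in the directory, which is a different condition from an entry that exists but carries no CRL attribute (result 0, no value).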
