Quoting Martijn Brinkers <[email protected]>:

On 06/19/2013 04:20 PM, Stefan Michael Guenther wrote:
Hello,

according to the admin guide it is possible to get CRLs over HTTP or by LDAP.

But is it also possible to get the certificates from an LDAP/ADS server?

I haven't found anything about this in the admin guide.

This is currently not implemented. What I can do for now is create a
mailet which calls a bash script with all the recipients as the
parameters. The bash script should then return a list of PEM encoded
certificates (if any) which then gets imported into the certificates
store. You are then free to call whatever external service you like. To
activate the cert import module, you need to add the mailet to config.xml.

The main benefit of using a bash script is that you are free to get
certificates from anywhere, the downside is that this might be slower
than having a native LDAP module.

Kind regards,

Martijn


Hello,

would it be possible to get an API for extending Djigzo to use various additional forms of fetching certificates? To my understanding, something like this would be useful:

- possibility to let Djigzo decide if the certificate is valid/expired/untrusted
- possibility to force the certificate to the CTL whitelist even if not trusted (helpful for DANE self-signed)
- adjust the trigger point in Djigzo for synchronous/asynchronous certificate fetching

Maybe even with some example code in Java this could help to get things like LDAP queries and even DANE (http://datatracker.ietf.org/wg/dane/) working.

Regards

Andreas
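
The script interface Martijn describes above (recipients passed as arguments, PEM certificates returned on stdout), sketched as an added example that is not part of the thread or of Djigzo. The server URI, search base, `mail` filter attribute and function names are assumptions; `ldapsearch` is the OpenLDAP client.

```sh
#!/bin/sh
# Added example: lookup script for the proposed mailet interface (hypothetical).
# Assumed contract: recipients are the arguments, PEM certificates go to stdout.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.org}"   # placeholder server
LDAP_BASE="${LDAP_BASE:-dc=example,dc=org}"        # placeholder search base

# Constructed sample of ldapsearch -LLL output (filler base64, not a real
# certificate) with a folded value, usable to exercise ldif_to_pem offline.
SAMPLE_LDIF='dn: uid=alice,dc=example,dc=org
userCertificate;binary:: QUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJD
 REVGREVGREVGREVGREVGREVGREVGRA==
mail: alice@example.org'

# Plain address characters only, so a recipient cannot alter the LDAP filter.
valid_rcpt() {
    case "$1" in
        ''|*[!A-Za-z0-9@._+-]*) return 1 ;;
        *@*) return 0 ;;
        *) return 1 ;;
    esac
}

# LDIF on stdin -> PEM on stdout: unfold continuation lines, take each base64
# "userCertificate;binary::" value and re-wrap it at 64 columns.
ldif_to_pem() {
    awk '
        function flush() {
            if (cur) {
                print "-----BEGIN CERTIFICATE-----"
                for (; length(val) > 64; val = substr(val, 65)) print substr(val, 1, 64)
                if (length(val)) print val
                print "-----END CERTIFICATE-----"
            }
            cur = 0; val = ""
        }
        /^ / { if (cur) val = val substr($0, 2); next }
        { flush() }
        /^userCertificate;binary:: / { cur = 1; val = substr($0, 26) }
        END { flush() }'
}

fetch_certs() {
    for rcpt in "$@"; do
        valid_rcpt "$rcpt" || { echo "skipping invalid recipient" >&2; continue; }
        ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" \
            "(mail=$rcpt)" 'userCertificate;binary' | ldif_to_pem
    done
}
if [ "$#" -gt 0 ]; then fetch_certs "$@"; fi
```

The script only fetches; whether a returned certificate is valid, expired or trusted is still left to the importing side.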





_______________________________________________
Users mailing list
[email protected]
http://lists.djigzo.com/lists/listinfo/users
