Enzo Michelangeli (em@who.net)
Sat, 22 Aug 1998 12:08:46 +0800
Does anybody have pointers to a source of information (FAQ, RFC etc.)
describing the expected syntax and format for storing into a LDAP
directory server ASN.1 objects such as server certs, client certs,
certificate chains, private keys (hopefully encrypted into a secure
envelope) etc.?
So far, I have worked out that directory.verisign.com stores S/MIME
certificates under the attribute "usercertificate;binary", and the URL for
downloading "digital ID" (PKCS12 pairs?) under "labeleduri". The former
is described in RFC2256, the latter is not: which makes me think that it's
a Verisign-specific attribute.
Outlook Express' LDAP client queries for "usercertificate;binary", and
Netscape Messenger for both "usercertificate;binary" and
"usersmimecertificate;binary", but the latter, again, is not defined in
RFC2256. Instead, that RFC mentions cACertificate;binary,
authorityRevocationList;binary, certificateRevocationList and
crossCertificatePair;binary.
Also, Outlook Express manages to get with LDAP the full certificate chain,
but Messenger does not (at least, for certs issued by Verisign in
MS-compatible format) and asks you to trust the cert explicitly.
Any idea?
TIA --
Enzo
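As an added example, not part of Enzo's message nor code from VeriSign, Netscape or Microsoft: the script below shows the storage convention the question is about. RFC 2256 gives userCertificate and cACertificate the Certificate syntax, i.e. the raw DER encoding, which clients request with the ";binary" transfer option; in LDIF (RFC 2849) such values are written base64 after a double colon and folded at 76 columns. The script builds constructed, unsigned DER certificates (a root, a subordinate CA and a user certificate, all with hypothetical names), writes them into LDIF entries, parses the LDIF back and walks the chain from userCertificate;binary up to the self-signed root by matching each issuer name to the subject of a cACertificate;binary value. The DER helpers, DNs and sample entries are assumptions made for this example; the chain walk matches names only and performs no signature check, so it is a structural lookup, not validation.

```python
"""Added example: DER certificates in LDAP via the ';binary' transfer option
and LDIF base64 values (RFC 2849), then walking a chain from a user's
userCertificate;binary to the cACertificate;binary of its issuer.
All certificates are CONSTRUCTED, minimal and UNSIGNED; the chain walk is by
issuer/subject name only, with no signature verification."""
import base64

# ---- minimal DER encoder (constructed helper, enough for a skeletal cert) ----
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b          # long-form length

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def seq(*items):
    return tlv(0x30, b"".join(items))

OID_CN = tlv(0x06, b"\x55\x04\x03")                                             # 2.5.4.3 commonName
ALG_RSA = seq(tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"), b"\x05\x00")  # rsaEncryption
ALG_SHA256RSA = seq(tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"), b"\x05\x00")

def name(cn):
    # Name ::= SEQUENCE OF RDN; RDN ::= SET OF AttributeTypeAndValue {OID, PrintableString}
    return seq(tlv(0x31, seq(OID_CN, tlv(0x13, cn.encode("ascii")))))

def der_cert(subject_cn, issuer_cn, serial):
    """Structurally valid Certificate with a placeholder key and a fake signature."""
    validity = seq(tlv(0x17, b"240101000000Z"), tlv(0x17, b"340101000000Z"))
    spki = seq(ALG_RSA, tlv(0x03, b"\x00\x00"))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, bytes([serial])), ALG_SHA256RSA,
              name(issuer_cn), validity, name(subject_cn), spki)
    return seq(tbs, ALG_SHA256RSA, tlv(0x03, b"\x00" * 5))

# ---- minimal DER decoder ----
def der_read(buf, pos):
    """Return (tag, value_start, value_end) of the TLV starting at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + ln

def der_children(buf):
    out, pos = [], 0
    while pos < len(buf):
        tag, vs, ve = der_read(buf, pos)
        out.append((tag, buf[vs:ve]))
        pos = ve
    return out

def name_to_str(nm):
    parts = []
    for _, rdn in der_children(nm):
        for _, atv in der_children(rdn):
            oid, val = der_children(atv)
            if oid[1] == b"\x55\x04\x03":
                parts.append("CN=" + val[1].decode("ascii"))
    return ",".join(parts)

def cert_names(der):
    """(subject, issuer) of a DER Certificate; rejects non-SEQUENCE or trailing bytes."""
    tag, s, e = der_read(der, 0)
    if tag != 0x30 or e != len(der):
        raise ValueError("not a DER Certificate")
    fields = der_children(der_children(der[s:e])[0][1])   # tbsCertificate fields
    if fields[0][0] == 0xA0:                               # optional [0] version
        fields = fields[1:]
    return name_to_str(fields[4][1]), name_to_str(fields[2][1])

# ---- LDIF (RFC 2849): binary values go out base64 after '::', folded at 76 ----
def fold(line, width=76):
    return [line[:width]] + [" " + line[i:i + width - 1] for i in range(width, len(line), width - 1)]

def ldif_entry(dn, attrs):
    lines = ["dn: " + dn]
    for attr, value in attrs:
        if isinstance(value, bytes):
            lines += fold(f"{attr};binary:: {base64.b64encode(value).decode()}")
        else:
            lines.append(f"{attr}: {value}")
    return "\n".join(lines) + "\n"

def parse_ldif(text):
    """Unfold continuation lines, decode '::' values, key attributes case-insensitively."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:
        if not line:
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, sep, val = line.partition("::")
        if sep:
            value = base64.b64decode(val.strip())
        else:
            attr, _, val = line.partition(":")
            value = val.strip()
        cur.setdefault(attr.strip().lower(), []).append(value)
    return entries

def build_chain(user_entry, ca_entries, max_depth=8):
    """Follow issuer names up to a self-signed root; stop if no CA entry matches."""
    chain = [user_entry["usercertificate;binary"][0]]
    subject, issuer = cert_names(chain[-1])
    while subject != issuer and len(chain) < max_depth:
        match = [c for e in ca_entries for c in e.get("cacertificate;binary", [])
                 if cert_names(c)[0] == issuer]
        if not match:
            break                        # directory holds no issuer: chain stays incomplete
        chain.append(match[0])
        subject, issuer = cert_names(match[0])
    return chain

def demo():
    """Constructed directory with a root, a subordinate CA and one user entry."""
    root = der_cert("Example Root CA", "Example Root CA", 1)
    sub = der_cert("Example Class 1 CA", "Example Root CA", 2)
    alice = der_cert("Alice Example", "Example Class 1 CA", 3)
    ldif = "\n".join([
        ldif_entry("cn=Example Root CA,o=Example", [("objectClass", "certificationAuthority"), ("cACertificate", root)]),
        ldif_entry("cn=Example Class 1 CA,o=Example", [("objectClass", "certificationAuthority"), ("cACertificate", sub)]),
        ldif_entry("cn=Alice Example,o=Example", [("objectClass", "strongAuthenticationUser"), ("userCertificate", alice)]),
    ])
    entries = parse_ldif(ldif)
    cas = [e for e in entries if "cacertificate;binary" in e]
    user = next(e for e in entries if "usercertificate;binary" in e)
    return [cert_names(c)[0] for c in build_chain(user, cas)]

if __name__ == "__main__":
    print(" -> ".join(demo()))
```

Run as a script it prints the subject names from the leaf up to the root. The break in build_chain is the situation a client is in when the directory returns only the leaf and no matching cACertificate;binary entry: it cannot complete the chain from LDAP alone and has to fall back on the user's own trust decision.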
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:00