[
https://issues.apache.org/jira/browse/DIRSTUDIO-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ingo Bahn updated DIRSTUDIO-1108:
---------------------------------
Attachment: winmail.dat
Hello Mr. Lecharny,
thank you for the quick reply and as well pointing out where to change the
setting for the Certificate Editor. That was new to me at all.
But it didn't help however. I am still getting the same. The below screenshots
hopefully help additionally to explain what is the case here.
The actual certificate was loaded in the first place by a bulk transfer from
the command line and having the Certificate in DER / "binary" format.
I however loaded / replaced today the Certificate in PEM format, as logged in
the attached TXT file [1].
But even after that in Apache Directory Studio one still gets here "Invalid
Certificate" for UserCertificate (OID: 1.3.6.1.4.1.1466.115.121.1.8) displayed
when connecting to the LDAP server through a TLS/SSL socket (LDAPS), Pic2.
Connecting to it by "plain" LDAP (no TLS/SSL socket) all is displayed as
expected, Pic1. That is the "weird" part to me.
And as can be seen at the end of [1] however, even if I import the certificate
as PEM, it is still stored in DER / binary format in the LDAP directory;
because openssl (...-inform pem) throws me an error if I try to read the
UserCertificate in PEM format directly from the LDAP directory.
I hope this helps further.
With best regards and have a good weekend ahead.
Ingo Bahn
Attachment:
"2016_07_29_001_DIRSTUDIO-1108_Activites.txt"
Pic1 - Obtaining attribute userCertificate;binary on unencrypted socket (LDAP,
TCP389) from directory server
Pic2 - Obtaining attribute userCertificate;binary (from Pic1) on encrypted
socket (LDAPS, TCP636) from directory server
-------- -------- -------- --------
Ingo Bahn (ISO 27001 certified)
gematik / test and certification
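Added example, not part of the original message and not Apache Directory Studio code: a Python check that reports whether a userCertificate;binary value read from the directory is DER or PEM, and whether the values read over LDAP (389) and LDAPS (636) are the same bytes. The function names are hypothetical, and the sample values are constructed placeholders with valid outer DER framing only, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_total_length(data):
    """Length the outer DER SEQUENCE header declares (header included), or None."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:                          # short-form length
        return 2 + first
    n = first & 0x7F                          # long form: n length octets
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(value):
    """Return 'pem', 'der' or 'unknown' for a raw attribute value."""
    if PEM_RE.search(value):
        return "pem"
    if der_total_length(value) == len(value):
        return "der"
    return "unknown"

def to_der(value):
    """Normalise a PEM or DER value to DER bytes; raise ValueError otherwise."""
    kind = classify(value)
    if kind == "der":
        return value
    if kind == "pem":
        body = PEM_RE.search(value).group(1)
        return base64.b64decode(b"".join(body.split()))
    raise ValueError("value is neither DER nor PEM")

def same_certificate(ldap_value, ldaps_value):
    """True if both transports returned the same certificate bytes."""
    digest = lambda v: hashlib.sha256(to_der(v)).hexdigest()
    return digest(ldap_value) == digest(ldaps_value)

# Constructed sample: valid outer framing only, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(classify(SAMPLE_DER), classify(SAMPLE_PEM))
    print(same_certificate(SAMPLE_DER, SAMPLE_PEM))
```

A value classified as "der" is the case in which reading it with openssl and `-inform pem` fails, as the message describes; a truncated or altered value is reported as "unknown" rather than parsed.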
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15398794#comment-15398794
]
Emmanuel Lecharny commented on DIRSTUDIO-1108:
----------------------------------------------
Side note: you can deactivate the certificate editor in order to see your
certificate as a default String, in preference -> Apache Directory Studio ->
LDAP Browsers -> Value Editors, then edit the Value Editors by Syntax and
change the {{Certificate}} value editor from {{Certificate Editor}} to {{Hex
Editor}}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
> Getting Invalid Certificate for userCertificate;binary entry when connecting
> with LDAPS, LDAP works fine
> --------------------------------------------------------------------------------------------------------
>
> Key: DIRSTUDIO-1108
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1108
> Project: Directory Studio
> Issue Type: Bug
> Components: studio-ldapbrowser
> Affects Versions: 2.0.0-M10 (2.0.0.v20151221-M10)
> Environment: Apache Directory Studio running on:
> - Windows7/Java8,
> - CentOS7/Java8,
> - CentOS6/Java7.
> Reporter: Ingo Bahn
> Priority: Minor
> Attachments: winmail.dat
>
>
> Hello Apache Directory Studio development team.
> we are using Apache Directory Studio here in Version: 2.0.0.v20151221-M10.
> When I connect with it to an LDAP directory server with LDAP unencrypted
> (TCP389) the userCertificate;binary entry can be obtained just fine including
> its loading into the built-in Certificate Editor.
>
> But connecting to the same LDAP directory encrypted (TCP636), that same
> userCertificate;binary entry can't be read and Directory Studio is returning
> "Invalid Certificate" and then "Can't parse certificate".
> This is reproducible with Apache Directory Studio on the following
> environments I have available here to test:
> - Windows7/Java8,
> - CentOS7/Java8,
> - CentOS6/Java7.
> As well with the relevant command line tools like ldapsearch, ldapmodify etc.
> I am able to obtain or manipulate that entry on LDAP and LDAPS sockets and
> even with the "ancient" freeware LDAP-Browser 2.8.2 by Jarek Gawor, Copyright
> (c) 1998 University of Chicago I still have this is possible.
> The directory server used here is running on OpenLDAP. But also when
> obtaining this with LDAPS from a directory server with the same structure
> running on OpenDJ, the "Invalid Certificate" is thrown.
> That said I think this could be a possible bug - also considering that in my
> understanding obtaining an (attribute) entry or rather (reading and parsing)
> its content from a directory server, should be independent at all on how I
> connect to that directory server (LDAP vs. LDAPS) - isn't it?
> In case additional details would be needed I will gladly try to provide them.
> Please let me know.
> I also could provide you a PDF-file containing additional screenshots for the
> above description.
> Thank you in advance for your help and looking into it.