I have noticed that certificates exported to LDAP don't contain the markers "BEGIN CERTIFICATE" and "END CERTIFICATE". Therefore, I have problems recovering them for use. It's the same for CRLs.
The certificates and CRLs are exported in DER format to the LDAP directory. LDIF displays binary data with a base64 encoding, which is also used by PEM. So there are two possibilities for you. First, you can download the data in binary format and simply use it; second, if you want to use LDIF, you must add the header lines yourself or use a base64 converter to get the binary-encoded objects.
cACertificate;binary::MIIFIjCCBAqgAwIBAgIBADANBgkqhkiG9w0BAQUFADBhMRIwEAYKCZI> ...
certificateRevocationList;binary::MIIB5TCBzjANBgkqhkiG9w0BAQQFADBhMRIwEAYKCZI< ...
These are only binary data blobs encoded in base64, which is in fact the same as PEM, but of course without the header and footer lines.
Is there a possibility to configure OpenCA so that certificates and CRLs contain these markers, or must I regenerate these markers after a recovery for CRLs?
You must regenerate the header and footer lines or load the data from the LDAP server via a script (and not via LDIF) which results in binary formatted objects (DER).
Michael
--
-------------------------------------------------------------------
Michael Bell
Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice (Computing Centre)
Tel.: +49 (0)30-2093 2482
Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin
Germany
Email (private): [EMAIL PROTECTED]
http://www.openca.org
_______________________________________________
Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
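The LDIF route described in the reply above, as an added example that is not part of the original thread or of OpenCA: it unfolds LDIF continuation lines, base64-decodes the `cACertificate` and `certificateRevocationList` values to DER, and rebuilds the PEM header and footer lines. The function names are hypothetical and the sample entry is constructed placeholder data, not a real certificate or CRL.

```python
import base64
import binascii
import textwrap

# PEM labels for the two LDAP attributes shown in the thread.
PEM_LABELS = {"cacertificate": "CERTIFICATE", "certificaterevocationlist": "X509 CRL"}

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with one space continues the previous one)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def ldif_to_pem(ldif_text):
    """Return (attribute, der_bytes, pem_text) for each base64 ('::') certificate or CRL value."""
    out = []
    for line in unfold(ldif_text):
        name, sep, value = line.partition("::")
        attr = name.split(";")[0].strip().lower()   # drop the ';binary' option
        if not sep or attr not in PEM_LABELS:
            continue
        try:
            der = base64.b64decode(value.strip(), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{attr}: value is not clean base64 ({exc})")
        if not der.startswith(b"\x30"):   # DER certificates and CRLs are ASN.1 SEQUENCEs
            raise ValueError(f"{attr}: decoded data does not look like DER")
        # PEM body: the same base64, wrapped at 64 characters per line.
        body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
        label = PEM_LABELS[attr]
        out.append((attr, der, f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"))
    return out

# Constructed sample: DER-shaped placeholder bytes in a folded LDIF entry.
SAMPLE_DER = b"\x30\x64" + bytes(range(100))
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_LDIF = (
    "dn: cn=Example CA,o=Example\n"
    "cACertificate;binary:: " + _b64[:50] + "\n " + _b64[50:] + "\n"
    "certificateRevocationList;binary:: " + _b64 + "\n"
)

if __name__ == "__main__":
    for attr, der, pem in ldif_to_pem(SAMPLE_LDIF):
        print(attr, len(der), "bytes of DER")
        print(pem)
```

A value that was truncated or altered in transit fails the strict base64 decode instead of producing a silently corrupt PEM file.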
