Re: [389-users] Searching for userCertificate - what encoding is used in the query filter?

2015-01-28 Thread Marc Sauton

On 01/27/2015 05:56 PM, Graham Leggett wrote:

> Hi all,
>
> I have a query filter that looks like this: (userCertificate={0}${1})
>
> I am trying to search for an explicit certificate in a directory, based on the
> serial number and the issuer DN. Can anyone confirm what encoding these values
> need to be in, and what Java library might help provide that encoding?
>
> Regards,
> Graham
> —
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

it is usually a base 64 of ASN.1 DER encoded.
if the CA is either Red Hat Certificate System or Dogtag from
http://pki.fedoraproject.org/
the LDAP search base could be
ou=certificateRepository, ou=ca,dc=ca1.example.com-pki-ca
and the filter like
serialno=0518300
(where the 05 is the number of digits of the serial itself)
and attributes: dn subjectName certStatus serialno userCertificate
the issuer would still have to be decoded from the base 64 ASN.1 blob of
the attribute userCertificate;binary::

Thanks,
M.
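
Added example, not part of the original thread and not code from 389 DS or Dogtag: a Python sketch of the two steps the reply describes, building the length-prefixed serialno filter and decoding the issuer and serial from the base64 DER value of userCertificate;binary. All function names are hypothetical, the sample blob is a constructed, truncated certificate-shaped structure, and treating the serial as decimal digits is an assumption taken from the reply's 0518300 example.

```python
import base64

# OIDs (DER-encoded) for the common naming attributes.
ATTR = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_and_serial(b64_cert):
    """Decode issuer DN and serial from a base64 userCertificate;binary value."""
    _, cert, _ = read_tlv(base64.b64decode(b64_cert), 0)  # Certificate
    _, tbs, _ = read_tlv(cert, 0)                          # TBSCertificate
    tag, val, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                                        # optional [0] version
        tag, val, pos = read_tlv(tbs, pos)
    serial = int.from_bytes(val, "big", signed=True)       # serialNumber INTEGER
    _, _, pos = read_tlv(tbs, pos)                         # signature algorithm
    _, name, _ = read_tlv(tbs, pos)                        # issuer Name
    rdns, p = [], 0
    while p < len(name):
        _, rdn, p = read_tlv(name, p)                      # RDN SET
        _, atv, _ = read_tlv(rdn, 0)                       # first type/value pair only
        _, oid, q = read_tlv(atv, 0)
        _, text, _ = read_tlv(atv, q)
        rdns.append(f"{ATTR.get(oid, oid.hex())}={text.decode()}")
    return ",".join(reversed(rdns)), serial  # LDAP order; DN escaping not handled

def dogtag_serialno_filter(serial):
    """Length-prefixed form from the reply: 18300 -> (serialno=0518300)."""
    digits = str(serial)  # assumption: decimal digits, as in the reply's example
    return f"(serialno={len(digits):02d}{digits})"

def tlv(tag, body):
    """Build a short-form DER element (sample construction only)."""
    return bytes([tag, len(body)]) + body

def sample_cert_b64():
    """Constructed, truncated certificate-shaped blob; not a real certificate."""
    rdn = lambda oid, s: tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x0C, s)))
    issuer = tlv(0x30, rdn(b"\x55\x04\x0a", b"Example") + rdn(b"\x55\x04\x03", b"Example CA"))
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x47\x7c") + alg + issuer)
    return base64.b64encode(tlv(0x30, tbs)).decode()

if __name__ == "__main__":
    issuer, serial = issuer_and_serial(sample_cert_b64())
    print(issuer, dogtag_serialno_filter(serial))
```

Comparing the decoded issuer against the expected issuer DN after the serialno search confirms that the entry returned is the certificate being looked for.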

[389-users] Searching for userCertificate - what encoding is used in the query filter?

2015-01-27 Thread Graham Leggett
Hi all,

I have a query filter that looks like this: (userCertificate={0}${1})

I am trying to search for an explicit certificate in a directory, based on the
serial number and the issuer DN. Can anyone confirm what encoding these values
need to be in, and what Java library might help provide that encoding?

Regards,
Graham
—
