Re: Retrieving userCertificate

2005-03-10 Thread Ram A M
Senandung Mendonan wrote:
> Ram A M wrote:
> > Any name type fields that VeriSign's service returns are directly from
> > the certificates though parsed out by the service and not the client. I
> > don't recall if Moz. pulls the certificates out in the initial
> > transaction (name matching against the server), it may only pull the
> > certificate when it needs it (i.e. to encrypt an email).
>
> Your recollection is correct (at least according to my LDAP server
> logs). It doesn't retrieve the userCertificate attribute during name
> matching. Rather, it only looks up userCertificate right after you
> click on the 'Send' button (for encrypted mail).
>
> > Are you able to get this far (lookups) with Moz against your directory?
>
> Yes, as the LDAP logs I've shown in previous message.
>
> --mendonan

My guess is the contents you load are the problem. Check the format of
the attribute.

___
mozilla-directory mailing list
mozilla-directory@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-directory
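
An added example, not part of the original thread: one way to check the format of a value before loading it as userCertificate. It assumes the directory should hold the binary DER encoding and that the typical loading mistake is storing PEM or bare base64 text instead; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_length_ok(buf: bytes) -> bool:
    """True if buf is exactly one DER SEQUENCE (outer tag 0x30) whose
    encoded length matches the buffer size. Structural check only."""
    if len(buf) < 2 or buf[0] != 0x30:
        return False
    first = buf[1]
    if first < 0x80:                      # short-form length
        header, body = 2, first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or len(buf) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(buf[2:2 + n], "big")
    return header + body == len(buf)

def classify(value: bytes) -> str:
    """Classify a candidate userCertificate value by its encoding."""
    if der_length_ok(value):
        return "der"
    if PEM_RE.search(value):
        return "pem"
    try:
        decoded = base64.b64decode(b"".join(value.split()), validate=True)
    except ValueError:                    # binascii.Error is a ValueError
        return "unknown"
    return "base64-text" if der_length_ok(decoded) else "unknown"

def to_der(value: bytes) -> bytes:
    """Return DER bytes for a recognised encoding, or raise ValueError."""
    kind = classify(value)
    if kind == "der":
        return value
    if kind == "pem":
        value = PEM_RE.search(value).group(1)
    elif kind != "base64-text":
        raise ValueError("not a recognisable certificate encoding")
    return base64.b64decode(b"".join(value.split()))

# Constructed sample: SEQUENCE header + 300 filler bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

A value that classifies as "pem" or "base64-text" can be passed through to_der() before it is written to the directory; "unknown" means the value is truncated or is not a certificate at all.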


Re: Retrieving userCertificate

2005-03-10 Thread Senandung Mendonan
Ram A M wrote:
> Any name type fields that VeriSign's service returns are directly from
> the certificates though parsed out by the service and not the client. I
> don't recall if Moz. pulls the certificates out in the initial
> transaction (name matching against the server), it may only pull the
> certificate when it needs it (i.e. to encrypt an email).

Your recollection is correct (at least according to my LDAP server
logs). It doesn't retrieve the userCertificate attribute during name
matching. Rather, it only looks up userCertificate right after you
click on the 'Send' button (for encrypted mail).

> Are you able to get this far (lookups) with Moz against your directory?

Yes, as the LDAP logs I've shown in previous message.

--mendonan



ANNOUNCE: Mozilla LDAP C SDK version 5.15

2005-03-10 Thread Rich Megginson
This version contains:
1) A fix for the deprecated get password function on HP-UX 11.11
2) Support for the upgraded components NSPR 4.4.1 and NSS 3.9.3
3) Support for the newly open sourced SVRCORE
   SVRCORE provides for secure PIN management when using the SSL
   enabled command line tools.  This used to be an internal only
   Netscape/Sun/AOL component but was recently open sourced.

Download and build instructions are available from 
http://www.mozilla.org/directory/csdk.html


Re: Retrieving userCertificate

2005-03-10 Thread Rich Megginson
Senandung Mendonan wrote:
> Rich Megginson wrote:-
>
> > That could be it, especially since you also cannot
> > sign.  I have the same problem in reverse with my
> > Thawte Freemail cert - it works in Mozilla apps but
> > not in Outlook.
>
> Bummer. Any guidelines on how to generate a really portable
> certificate? I generated mine using openssl, like so:-

I just don't know, I'm hardly an expert on certs.  I would suggest an
openssl mailing list or netscape.public.mozilla.security

> openssl ca -in testuser.req -out testuser.crt -cert CA.crt -keyfile CA.key -days 3650
> (with the appropriate keys, csrs, and CA pairs)
> and then converted to PKCS#12 using:-
> openssl pkcs12 -export -out testuser.p12 -in testuser.crt -inkey testuser.key -certfile CA.crt
> i.e. all default settings, no tweakings. And imported it into the
> Mozilla-based client. Anything I did wrong?
> These work ok on Outlook and friends..
>
> --mendonan


Re: Retrieving userCertificate

2005-03-10 Thread Ram A M
Any name type fields that VeriSign's service returns are directly from
the certificates though parsed out by the service and not the client. I
don't recall if Moz. pulls the certificates out in the initial
transaction (name matching against the server), it may only pull the
certificate when it needs it (i.e. to encrypt an email).

Are you able to get this far (lookups) with Moz against your directory?
