Hi all,
I have a query filter that looks like this: (userCertificate={0}${1})
I am trying to search for an explicit certificate in a directory, based on the serial number and the issuer DN. Can anyone confirm what encoding these values need to be in, and hat java library might help provide that encoding?
Regards, Graham —
On 01/27/2015 05:56 PM, Graham Leggett wrote:
Hi all,
I have a query filter that looks like this: (userCertificate={0}${1})
I am trying to search for an explicit certificate in a directory, based on the serial number and the issuer DN. Can anyone confirm what encoding these values need to be in, and hat java library might help provide that encoding?
Regards, Graham —
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
it is usually a base 64 of ASN.1 DER encoded. if the the CA is either Red Hat Certificate System or Dogtag from http://pki.fedoraproject.org/ the LDAP search base could be ou=certificateRepository, ou=ca,dc=ca1.example.com-pki-ca and the filter like serialno=0518300 (where the 05 is the number of digits of the serial itself) and attributes: dn subjectName certStatus serialno userCertificate the issuer would till have to be decoded from the based 64 ASN.1 blob of the attribute userCertificate;binary:: Thanks, M.
389-users@lists.fedoraproject.org