You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by Legolas Woodland <le...@gmail.com> on 2007/08/15 17:59:40 UTC

How i can import and store X509 certification into apacheDS?

Hi
Thank you for reading my post
Can we use ApacheDS to import some certificate (X509 digital certificate)
into it for our users?

Is there any document fot doing this?

Thanks

Re: How i can import and store X509 certification into apacheDS?

Posted by Enrique Rodriguez <en...@gmail.com>.

On 8/15/07, Legolas Woodland <le...@gmail.com> wrote:
> Hi
> Thank you for reading my post
> Can we use ApacheDS to import some certificate (X509 digital certificate)
> into it for our users?
>
> Is there any document fot doing this?

Yes, this works.  The core schema, which is enabled by default, has
support for RFC 2256, which contains attribute type userCertificate.
The cert attributes in RFC 2256 have been updated by RFC 4510 & RFC
4523, but the basic attribute and OID are the same.

I can't think of a consolidated example of how to do this, but there
are resources online for:

1)  Reading a cert from disk into an X509Certificate object.
2)  Calling cert.getEncoded() to get the ASN.1 DER as a byte[].
3)  Performing a basic JNDI binary write to the directory.

The following unit tests show some ways to work with a userCertificate:

core-unit:
org.apache.directory.server.core.jndi.SearchContextITest#testBinaryAttributesInFilter()

server-unit:
org.apache.directory.server.BinarySearchTest#testSearchByBinaryAttribute()

Enrique