|Applies To||RSA BSAFE Cert-J|
RSA BSAFE Cert-C
Keon Certificate Authority 5.7.1
Queries for an attribute of type "userCertificate" will also pick up any subtypes, including "userCertificate;binary"
|Issue||Using the LDAP database provider in RSA BSAFE Cert-J or Cert-C to retrieve certificates published by Keon Certificate Authority 5.7.1 from its LDAP server|
The C_SelectCertByExtensions routine in Cert-C and the DatabaseService.selectCertificateByExtensions routine in Cert-J return 0 certificates found.
|Cause||Most LDAP servers store a certificate in an LDAP entry using the "userCertificate;binary" attribute - that is, an attribute of type "userCertificate" and subtype "binary". Keon Certificate Authority 5.7.1 does not use the "binary" subtype and simply stores it using the "userCertificate" attribute type.|
|Resolution||In RSA BSAFE Cert-J, call LDAPConfiguration.setCertificateAttrs as follows so that the "userCertificate" and "caCertificate" directory attributes are treated as containing certificates:|
LDAPConfiguration config = new LDAPConfiguration ("LDAP Configuration", InetAddress.getByName ("mykca571ldapserver.rsa.com"), 389);
as opposed to "userCertificate;binary,caCertificate;binary".
Similarly, in Cert-C, set the LDAP_DATA.certificateAttrs field to "userCertificate,cacertificate".
|Legacy Article ID||a9438|
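
To confirm the cause described above on a given directory, the following added example (not RSA code, and not part of the original article) parses an LDIF export and lists certificate attributes stored without the ";binary" subtype, which are the ones a provider configured with "userCertificate;binary,caCertificate;binary" does not find. The sample LDIF, DNs and function names are constructed for illustration.

```python
import base64

# Constructed sample data: LDIF as exported from a directory. The values are
# placeholder bytes, not real certificates; DNs and names are made up.
_B64 = base64.b64encode(b"\x30\x82\x01\x0a" + bytes(60)).decode()
SAMPLE_LDIF = (
    "dn: cn=alice,o=example\n"
    "objectClass: inetOrgPerson\n"
    f"userCertificate:: {_B64[:40]}\n"
    f" {_B64[40:]}\n"          # folded continuation line
    "\n"
    "dn: cn=Example CA,o=example\n"
    f"cACertificate;binary:: {_B64}\n"
)
CERT_TYPES = ("usercertificate", "cacertificate")


def parse_ldif(text):
    """Return entries as lists of (attribute description, value) pairs."""
    entries, current = [], []
    for line in text.splitlines():
        if line.startswith(" ") and current:       # unfold continuation
            desc, value = current[-1]
            current[-1] = (desc, value + line[1:])
        elif not line.strip():                      # blank line ends entry
            if current:
                entries.append(current)
            current = []
        elif not line.startswith("#"):
            desc, _, value = line.partition(":")
            current.append((desc, value.lstrip(": ")))
    if current:
        entries.append(current)
    return entries


def stored_without_binary(entries):
    """List (dn, description) for certificates stored without ';binary'."""
    hits = []
    for entry in entries:
        dn = next((v for d, v in entry if d.lower() == "dn"), "?")
        for desc, _ in entry:
            base, *options = desc.lower().split(";")
            if base in CERT_TYPES and "binary" not in options:
                hits.append((dn, desc))
    return hits
```

Any entry this reports needs the plain attribute names in the provider's certificate attribute list, as the resolution above describes.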