000025307 - Using the LDAP database provider in RSA BSAFE Cert-J or Cert-C to retrieve certificates published by Keon Certificate Authority 5.7.1 from its LDAP server

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 22, 2017.
Version 2

Article Content

Article Number: 000025307
Applies To: RSA BSAFE Cert-J
RSA BSAFE Cert-C
Keon Certificate Authority 5.7.1
Queries for an attribute of type "userCertificate" will also pick up any subtypes, including "userCertificate;binary"
Issue: Using the LDAP database provider in RSA BSAFE Cert-J or Cert-C to retrieve certificates published by Keon Certificate Authority 5.7.1 from its LDAP server
C_SelectCertByExtensions and the DatabaseService.selectCertificateByExtensions routines in Cert-C and Cert-J return 0 certs found
Cause: Most LDAP servers store a certificate in an LDAP entry using the "userCertificate;binary" attribute - that is, an attribute of type "userCertificate" and subtype "binary". Keon Certificate Authority 5.7.1 does not use the "binary" subtype and simply stores it using the "userCertificate" attribute type.
Resolution: In RSA BSAFE Cert-J, call LDAPConfiguration.setCertificateAttrs as follows so that the "userCertificate" and "caCertificate" directory attributes are treated as containing certificates as their values:

LDAPConfiguration config = new LDAPConfiguration ("LDAP Configuration", InetAddress.getByName ("mykca571ldapserver.rsa.com"), 389);

config.setCertificateAttrs ("userCertificate,caCertificate");

as opposed to "userCertificate;binary,caCertificate;binary".

Similarly, in Cert-C, set the LDAP_DATA.certificateAttrs field to "userCertificate,cacertificate".
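
The matching behaviour described under Cause, modelled as an added example (not RSA or Keon code): a requested attribute name selects a stored one when the type is equal and every option in the request is also present on the stored name. The function names and the two sample entries are constructed for illustration, and the rule is the one this article states rather than a full LDAP implementation.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample entries: attribute names as each directory stores them. */
static const char *const KCA_ENTRY[]   = { "cn", "userCertificate" };
static const char *const OTHER_ENTRY[] = { "cn", "userCertificate;binary" };

static int eq_nocase(const char *a, const char *b, size_t n) {
    while (n--) if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++)) return 0;
    return 1;
}
/* 1 if `stored` carries option `opt` (n chars) after its type name. */
static int has_option(const char *stored, const char *opt, size_t n) {
    for (const char *p = strchr(stored, ';'); p; p = strchr(p, ';'))
        if (strcspn(++p, ";") == n && eq_nocase(p, opt, n)) return 1;
    return 0;
}
/* 1 if list item `req` (ends at ',' or NUL) selects `stored`: same type, and
   every option named in the request is present on the stored name. */
int attr_selects(const char *req, const char *stored) {
    size_t rt = strcspn(req, ";,");
    if (rt != strcspn(stored, ";") || !eq_nocase(req, stored, rt)) return 0;
    for (const char *p = req + rt; *p == ';'; ) {
        size_t n = strcspn(++p, ";,");
        if (!has_option(stored, p, n)) return 0;
        p += n;
    }
    return 1;
}
/* Count stored names selected by a comma-separated certificateAttrs-style list. */
int count_selected(const char *list, const char *const *stored, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        for (const char *p = list; p; p = strchr(p, ','), p = p ? p + 1 : NULL)
            if (attr_selects(p, stored[i])) { hits++; break; }
    return hits;
}
int main(void) {
    const char *bin = "userCertificate;binary,caCertificate;binary";
    const char *plain = "userCertificate,caCertificate";
    printf("KCA 5.7.1 entry: ';binary' list=%d, plain list=%d\n",
           count_selected(bin, KCA_ENTRY, 2), count_selected(plain, KCA_ENTRY, 2));
    printf("other directory: ';binary' list=%d, plain list=%d\n",
           count_selected(bin, OTHER_ENTRY, 2), count_selected(plain, OTHER_ENTRY, 2));
    return 0;
}
```

In this model the ";binary" list finds nothing in the Keon-style entry, while the plain list finds the certificate attribute in both layouts.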
Legacy Article ID: a9438
