[Freeipa-users] host usercertificate attribute
Natxo Asenjo
natxo.asenjo at gmail.com
Wed May 20 11:15:48 UTC 2015
hi rob,
On Mon, May 18, 2015 at 3:46 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Natxo Asenjo wrote:
>
>> On Sat, May 16, 2015 at 10:24 PM, Natxo Asenjo <natxo.asenjo at gmail.com
>> <mailto:natxo.asenjo at gmail.com>> wrote:
>>
>> hi,
>>
>> If I retrieve the usercertificate attribute for host objects I get
>> some gibberish.
>>
>> How can I decode the info I get from ldapsearch?
>>
>>
>> maybe there is a way to feed that to openssl. What I ended up doing was
>> using Perl and Crypt::X509 and I can see all the certificate elements.
>>
>
> They are DER-encoded files. Something like this will show the contents:
>
> $ openssl x509 -text -in /tmp/file
>
$ openssl x509 -text -in ldapsearch-usercertificate-ZWnfJL
unable to load certificate
139637925009264:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
Apparently it misses some stuff.
As I wrote, I already got what I needed using perl, but maybe there are
other ways.
Thanks!
--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150520/47a0324c/attachment.htm>
More information about the Freeipa-users
mailing list