[Freeipa-users] host usercertificate attribute
Rob Crittenden
rcritten at redhat.com
Wed May 20 12:08:05 UTC 2015
Natxo Asenjo wrote:
> hi rob,
>
> On Mon, May 18, 2015 at 3:46 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
> Natxo Asenjo wrote:
>
> On Sat, May 16, 2015 at 10:24 PM, Natxo Asenjo
> <natxo.asenjo at gmail.com <mailto:natxo.asenjo at gmail.com>
> <mailto:natxo.asenjo at gmail.com <mailto:natxo.asenjo at gmail.com>>>
> wrote:
>
> hi,
>
> If I retrieve the usercertificate attribute for host
> objects I get
> some gibberish.
>
> How can I decode the info I get from ldapsearch?
>
>
> maybe there is a way to feed that to openssl. What I ended up
> doing was
> using Perl and Crypt::X509 and I can see all the certificate
> elements.
>
>
> They are DER-encoded files. Something like this will show the contents:
>
> $ openssl x509 -text -in /tmp/file
>
>
> $ openssl x509 -text -in ldapsearch-usercertificate-ZWnfJL
> unable to load certificate
> 139637925009264:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
>
> Apparently it misses some stuff.
You could try adding -inform DER
> As I wrote, I already got what I needed using perl, but maybe there are
> other ways.
rob
More information about the Freeipa-users
mailing list