
Securing LDAP with an InCommon cert

I'm trying to set up secure LDAP between my organization and its parent
entity. Their cert provider is InCommon, so I had to submit my CSR to
them. I created the CSR in iManager and submitted it, and received the
following in reply:

=========================================================================================
* Click the following link to download your SSL certificate (generally
try to use a version that includes intermediates & root or your
certificate may be rejected by some older clients)

Format(s) most suitable for your server software:
as X509, Base64 encoded: [URL ending in "&format=x509"]

Other available formats:
as PKCS#7 Base64 encoded: [URL ending in "&format=base64"]
as PKCS#7 Bin encoded: [URL ending in "&format=bin"]
as X509 Certificate only, Base64 encoded: [URL ending in
"&format=x509CO"]
as X509 Intermediates/root only, Base64 encoded: [URL ending in
"&format=x509IO"]
as X509 Intermediates/root only Reverse, Base64 encoded: [URL
ending in "&format=x509IOR"]
=========================================================================================

When I submitted the CSR to InCommon, I specified the server type as
'other', since "Novell eDirectory" wasn't a choice.

If I download the first cert and import it to the KMO object, I get "A
certificate was not found in the NDS tree certificate authority (CA)
object or Server Certificate Object (also known as the Key Material
Object)."

If I download "X509 Certificate only" and "X509 Intermediates/root only"
(both Base64 encoded), I get "PKI ERROR -1227 - A link within the
certificate chain in a Server Certificate Object (also known as the Key
Material Object) is missing or is invalid."

Does anyone know how to make this work?

Thanks






Re: Securing LDAP with an InCommon cert

On 6/19/2013 3:51 PM, Douglas Black wrote:
> I'm trying to set up secure LDAP between my organization and its parent
> entity. Their cert provider is InCommon, so I had to submit my CSR to
> them. I created the CSR in iManager and submitted it, and received the
> following in reply:
>

[snip]
>
> When I submitted the CSR to InCommon, I specified the server type as
> 'other', since "Novell eDirectory" wasn't a choice.
>
> If I download the first cert and import it to the KMO object, I get "A
> certificate was not found in the NDS tree certificate authority (CA)
> object or Server Certificate Object (also known as the Key Material
> Object)."
>
> If I download "X509 Certificate only" and "X509 Intermediates/root only"
> (both Base64 encoded), I get "PKI ERROR -1227 - A link within the
> certificate chain in a Server Certificate Object (also known as the Key
> Material Object) is missing or is invalid."
>
> Does anyone know how to make this work?
>


The answer turned out to be "convert the 'all in one' certificate to a
P7B cert". If this was obvious to everyone but me, I apologize for
wasting bandwidth.


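An added example, not the poster's commands and not Novell or InCommon tooling: a standard-library Python sketch of what "convert the all-in-one certificate to P7B" amounts to, with a names-only check for the kind of broken chain link that error -1227 describes. It assumes the downloaded bundle is PEM with the server certificate first; all function names are this example's own.

```python
import base64, re

OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("06092a864886f70d010701")         # 1.2.840.113549.1.7.1

def tlv(tag, body):
    """DER-encode one element: tag, definite length, contents."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def read(der):
    """Split the first DER element off der: (tag, contents, remainder)."""
    n, i = der[1], 2
    if n & 0x80:                                 # long-form length
        i += n & 0x7F
        n = int.from_bytes(der[2:i], "big")
    return der[0], der[i:i + n], der[i + n:]

def pem_certs(text):
    """Decode every CERTIFICATE block of a PEM bundle to DER, in file order."""
    pem = r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----"
    return [base64.b64decode(b) for b in re.findall(pem, text, re.S)]

def names(cert):
    """Return (issuer, subject) of one certificate as raw DER Name contents."""
    tbs, fields = read(read(cert)[1])[1], []     # Certificate -> tbsCertificate
    while tbs:
        tag, value, tbs = read(tbs)
        fields.append((tag, value))
    skip = 1 if fields[0][0] == 0xA0 else 0      # optional [0] version
    return fields[skip + 2][1], fields[skip + 4][1]

def broken_links(certs):
    """Indexes i where certs[i]'s issuer is not certs[i+1]'s subject (names only)."""
    return [i for i in range(len(certs) - 1)
            if names(certs[i])[0] != names(certs[i + 1])[1]]

def to_p7b(certs):
    """Wrap DER certificates in a certs-only PKCS#7 SignedData (DER bytes)."""
    signed = tlv(0x30, tlv(0x02, b"\x01")        # version 1
                 + tlv(0x31, b"")                # digestAlgorithms: empty
                 + tlv(0x30, OID_DATA)           # contentInfo: data, no content
                 + tlv(0xA0, b"".join(certs))    # certificates [0]
                 + tlv(0x31, b""))               # signerInfos: empty
    return tlv(0x30, OID_SIGNED_DATA + tlv(0xA0, signed))
```

Writing `to_p7b(pem_certs(bundle_text))` to a file in binary mode gives a DER-encoded P7B once `broken_links` returns an empty list; for a root-first bundle, pass the reversed list. `openssl crl2pkcs7 -nocrl -certfile bundle.pem -out bundle.p7b` performs the same wrapping with OpenSSL.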