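This example adds certificate authority (CA) certificates to the LDAP directory. The directory structure for these certificates already exists. The certificates and the LDAP entry they belong to are entered in a .ldif file named add-root-CA-cert.ldif. All text must be entered in the file as ASCII text, except for the certificate information, which must be entered as Base64-encoded text: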
dn: cn=SMIME Admin,ou=people,o=demo.siroe.com,o=demo
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: certificationAuthority
cn: RootCACerts
sn: CA
authorityRevocationList: novalue
certificateRevocationList: novalue
cacertificate;binary:: MFU01JTUUEjAQBgNVBAsTCU1zZ1NlcnZlcjcMBoGA1UEAxMTydG
 QGEwJVUzEOMAwGA1UEMFUJTUUxEjAQBgNVBAsTCU1zZ1NlcnZlcjEMBoGA1UEAxMTQ2VydG
 aFw0wNjAxMwODAwMDBaM267hgbX9FExCzAJByrjgNVBAk9STklBMQwCgYDVQQVHR8EgaQwg
 YTAlVMRMQYDVQQIEwpDQUxJRk9STklBMQwwCgYDVQQKEwww3ltgYz11lzAdBgNVBpYSE9Vc
 5yZWQaddWlm899XBsYW5ldC5jb20wgZ8wDQYJoGBAK1mUTy8vvnOFg4mlHjkghytQUR1k8l
 5mvWRf77ntm5mGXRD3XMU4OciUq6zUfIg3ngvxlLyERTIqjUS8HQU4R5pvj+rrVgsAGjggE
 +FNAJmtOV2A3wMyghqkVPNDP3Aqq2fkcn4va3C5nRNAYxNNVE84JJ0H3jyPDXhMBlQU6vQn
 weMBAAjggEXMIIBEzARBglghkgBhCAQEEBApqlSai4mfuvjh02SQkoPMNDAgTwMB8GA1UdI
 QYMBaAEd38IK05AHreiU9OYc6vNMOwZMIGsBgNVHR8EgaQwgaEwb6BtoGuGaWxkYXA6Lyht
 bmcucmVkLmlbGFuZXQuY29tL1VJD1DXJ0aWZpY2F0ZSBNYW5hZ2VyLE9VPVBlb3BsZSxPPW
 aWxxYT9jZXJ0aZpY2jdu2medXRllkghytQURYFNrkuoCygKoYoaHR0cDovL3Bla2kghytQU
 Zy5yZWQuaXBsYW5lC5jb20vcGVranLmNybDAeBgNVHREEFzAVgRNwb3J0aWEuc2hhb0BzdW
 4uY29tMA0GCxLm78freCxS3Pp078jyTaDci1AudBL8+RrRUQvxsMJfZeFED+Uuf10Ilt6kw
 Tc6W5UekbirfEZGAVQIzlt6DQJfgpifGLvtQ60Kw==
Use the ldapmodify command to add the CA certificates to the LDAP directory:
# ldapmodify -a -h demo.siroe.com -D "cn=Directory Manager" -w mypasswd -v -f add-root-CA-cert.ldif
The value of the trustedurl parameter in smime.conf specifies the location of the CA certificates in the LDAP directory. For Example 1, trustedurl is set to:
trustedurl==ldap://demo.siroe.com:389/cn=SMIME Admin,ou=people,o=demo.siroe.com,o=demo?cacertificate;binary?sub?(objectclass=certificationAuthority)
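The following is an added example, not part of the original documentation or the product's own tooling: it builds the LDIF certificate value with Base64 encoding and RFC 2849 line folding, then checks that a trustedurl setting would actually reach the entry and request the certificate attribute. The function names and the stand-in certificate bytes are assumptions made for illustration.

```python
import base64

def fold(line, width=76):
    """Fold one logical LDIF line (RFC 2849): continuation lines start with one space."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return out

def build_ldif(dn, attrs, der_cert):
    """Return LDIF text: ASCII attributes plus the DER certificate as a Base64 '::' value."""
    lines = [f"dn: {dn}"] + [f"{k}: {v}" for k, v in attrs]
    b64 = base64.b64encode(der_cert).decode("ascii")
    lines += fold("cacertificate;binary:: " + b64)
    return "\n".join(lines) + "\n"

def read_cert(ldif):
    """Unfold the LDIF and decode the certificate value back to bytes."""
    for line in ldif.replace("\n ", "").splitlines():
        name, sep, value = line.partition(":: ")
        if sep and name.lower() == "cacertificate;binary":
            return base64.b64decode(value, validate=True)
    return None

def norm_dn(dn):
    """Lower-case and drop spaces around RDN separators (escaped commas not handled)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_trustedurl(setting):
    """Split 'trustedurl==ldap://host:port/base?attrs?scope?filter' into its parts."""
    name, _, url = setting.partition("==")
    hostport, _, tail = url.partition("://")[2].partition("/")
    base, attrs, scope, filt = (tail.split("?") + [""] * 4)[:4]
    return {"name": name, "host": hostport, "base": norm_dn(base),
            "attrs": attrs.lower().split(","), "scope": scope, "filter": filt.strip()}

def url_finds_entry(setting, entry_dn, attr="cacertificate;binary"):
    """True if a search built from trustedurl would reach entry_dn and return attr."""
    u, dn = parse_trustedurl(setting), norm_dn(entry_dn)
    at_base = u["scope"] in ("", "base", "sub") and dn == u["base"]
    below = u["scope"] == "sub" and dn.endswith("," + u["base"])
    return (at_base or below) and attr in u["attrs"]

# Constructed stand-in bytes, not a real certificate; use the CA's DER file in practice.
SAMPLE_DER = bytes(range(256)) * 2
DN = "cn=SMIME Admin,ou=people,o=demo.siroe.com,o=demo"
LDIF = build_ldif(DN, [("objectClass", "top"), ("objectClass", "certificationAuthority")], SAMPLE_DER)
URL = ("trustedurl==ldap://demo.siroe.com:389/cn=SMIME Admin, ou=people, o=demo.siroe.com,o=demo"
       "?cacertificate;binary?sub?(objectclass=certificationAuthority)")
```

Decoding the value back with read_cert before running ldapmodify catches a truncated or mis-folded certificate, and url_finds_entry catches a trustedurl whose base DN or attribute list does not match the entry that was loaded.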