Appendix F Certificate Download Specification; Importing Certificates into Communicator - Red Hat Certificate System 7.1 Administrator's Manual

Subsequent certificates are all treated the same. If the certificates contain the SSL-CA
bit in the redhat-cert-type certificate extension and do not already exist in the local
certificate database, they are added as untrusted CAs. In this way they can be used for
certificate chain validation as long as there is a trusted CA somewhere along the chain.

Importing Certificates into Communicator

Communicator imports certificates via HTTP. There are several MIME content types that
are used to indicate to Communicator what type of certificate is being imported. These
MIME types are as follows:
application/x-x509-user-cert
The certificate being downloaded is a user certificate belonging to the user operating
Communicator. If the private key associated with the certificate does not exist in the
user's local key database, then Communicator generates an error dialog and the
certificate is not imported. If a certificate chain is being imported, then the first
certificate in the chain must be the user certificate, and any subsequent certificates will
be added as untrusted CA certificates to the local database.
application/x-x509-ca-cert
The certificate being downloaded represents a certificate authority. When it is
downloaded, a sequence of dialogs guides the user through the process of accepting the
Certificate Authority and deciding whether to trust sites certified by the CA.
If a certificate chain is being imported, the first certificate in the chain must be the CA
certificate, and Communicator adds any subsequent certificates in the chain to the local
database as untrusted CA certificates.
application/x-x509-email-cert
The certificate being downloaded is a user certificate belonging to another user for use
with S/MIME. If a certificate chain is being imported, the first certificate in the chain
must be the user certificate, and Communicator adds any subsequent certificates to the
local database as untrusted CA certificates. This process allows people or CAs to post
their email certificates on web pages for download by other users who want to send
them encrypted mail.
NOTE
Communicator checks that the size of the object being downloaded
matches the size of the encoded certificates. Therefore it is important to
ensure that no extra characters, such as NULL or Newline, are added at the
end of the object.
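
The size check described in the note can be enforced on the serving side before a certificate is offered for download. The following is an added example, not code from the manual or from Red Hat. It assumes the download body is a single DER-encoded ASN.1 object whose outer tag is SEQUENCE; the function names and the sample bytes are constructed for illustration.

```python
# Added example, not from the manual. Assumes the download body is one
# DER-encoded ASN.1 object (outer tag SEQUENCE), e.g. a certificate.

CERT_MIME_TYPES = {
    "user": "application/x-x509-user-cert",
    "ca": "application/x-x509-ca-cert",
    "email": "application/x-x509-email-cert",
}


def der_object_length(data: bytes) -> int:
    """Return the total encoded size (header + content) of the first DER object."""
    if len(data) < 2:
        raise ValueError("too short to be a DER object")
    if data[0] != 0x30:
        raise ValueError("expected an ASN.1 SEQUENCE (tag 0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    num_len_bytes = first & 0x7F          # long form: next N bytes hold the length
    if num_len_bytes == 0 or num_len_bytes > 4:
        raise ValueError("indefinite or oversized length is not accepted here")
    if len(data) < 2 + num_len_bytes:
        raise ValueError("truncated length field")
    content_len = int.from_bytes(data[2:2 + num_len_bytes], "big")
    return 2 + num_len_bytes + content_len


def build_download_response(kind: str, body: bytes):
    """Return (headers, body) for a certificate download, rejecting size mismatches."""
    if kind not in CERT_MIME_TYPES:
        raise ValueError(f"unknown certificate kind: {kind}")
    expected = der_object_length(body)
    if len(body) > expected:
        extra = body[expected:]
        raise ValueError(f"{len(extra)} trailing byte(s) after the object: {extra!r}")
    if len(body) < expected:
        raise ValueError(f"object truncated: {len(body)} of {expected} bytes")
    headers = {"Content-Type": CERT_MIME_TYPES[kind], "Content-Length": str(len(body))}
    return headers, body


# Constructed sample: a 4-byte stand-in for a DER object (SEQUENCE holding NULL).
# It is not a real certificate; only the outer length framing matters here.
SAMPLE = bytes([0x30, 0x02, 0x05, 0x00])
```

A trailing newline left by a text editor or a template engine is the usual cause of a mismatch, which is why the check runs on the exact bytes that will be sent.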