On 07/27/2011 04:31 PM, Marek Kreul wrote:
As LDAP search for certificates is currently not yet
available in djigzo, I thought about implementing a workaround for me to have at least the
certificates for my "well known" usergroup always up-to-date.
In my case, a simple bash script would connect to the djigzo database and read the list
of users that are currently configured.
It would then conduct an LDAP search using each user's email address to receive the
current certificate of that user. The user's certificate in the database would be deleted,
and the new certificate retrieved from LDAP will be imported.
Would that be possible, and which steps would be necessary to import the certificate into
the database using psql?
1. Importing a certificate
Directly importing a certificate into the database is not a trivial
task. The main reason this is not easy is because certain fields of the
certificate are extracted and stored in database fields for improved
searching, chain building etc. There are however different ways to
import a new certificate:
a. Use a command line tool
Go to the Djigzo home dir (for example /usr/share/djigzo)
Use the following command to import a certificate from a file:
java -cp djigzo.jar mitm.application.djigzo.tools.manager.Manager -store cert -cer CERTIFICATE-FILE
The CERTIFICATE-FILE can be a single certificate (.cer) or a bunch of
It's a very rudimentary tool and hasn't been updated for a while but it
b. Use the SOAP interface
The Djigzo front-end (the GUI) only contains the GUI part and talks to
the back-end via SOAP. All 'hard' work is done by the back-end. If you
have a tool that can speak SOAP, you might be able to do everything via
SOAP calls. This however requires some more work because the SOAP
interface is not documented (although it's pretty straightforward).
2. Deleting a certificate
Deleting a certificate is somewhat harder. The command line tool does
not allow you to delete a certificate so you should use SOAP for that or
use SQL commands to delete a certificate. It should be noted that it's
not always possible to delete a certificate. A certificate which is in
use cannot be deleted. A certificate is in use for example when it's
selected as a signing certificate or when it's explicitly selected (for
example as a domain certificate).
Is there a particular reason you want to delete a certificate? A
certificate which is expired is no longer valid and therefore no longer
3. Getting a list of all users
You can either use SOAP or direct SQL commands to get a list of users.
Djigzo open source email encryption
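
The LDAP half of the workaround discussed in this thread, as an added example that is not part of the original messages and is not Djigzo code: it takes `ldapsearch` LDIF output, undoes LDIF line folding, checks that the entry's mail attribute matches the requested address, and writes the certificate to a file that can be passed to the command line tool as CERTIFICATE-FILE. The function names, the sample LDIF and the `LDAP_URI`/`LDAP_BASE` placeholders are assumptions, as is writing the file in DER form, since the message does not say which encoding the tool expects.

```shell
#!/bin/sh
# Added example, not Djigzo code: pull one user's certificate out of ldapsearch LDIF.

# Constructed sample shaped like `ldapsearch -LLL` output. The base64 value decodes
# to the text "demo-cert-01" (not a real certificate) and is folded as LDIF folds it.
sample_ldif() {
  printf '%s\n' 'dn: cn=Alice,ou=people,dc=example,dc=org' \
    'mail: Alice@Example.org' 'userCertificate;binary:: ZGVtby1j' ' ZXJ0LTAx' ''
}

# Accept only plain address characters, so nothing placed into "(mail=...)" can
# alter the LDAP filter (rejects *, (, ), \ and anything else unexpected).
safe_addr() {
  case "$1" in
    ''|*[!A-Za-z0-9._%+@-]*) return 1 ;;
    *@*) return 0 ;;
    *) return 1 ;;
  esac
}

# Undo LDIF folding: a line that starts with one space continues the previous line.
ldif_unfold() {
  awk 'NR > 1 && !/^ / { print buf }
       /^ / { buf = buf substr($0, 2); next }
       { buf = $0 }
       END { if (NR) print buf }'
}

# Print the base64 certificate of the entry whose mail attribute equals $1
# (case-insensitive); return 1 when no entry matches.
cert_b64_for() {
  ldif_unfold | awk -v want="$1" '
    BEGIN { want = tolower(want) }
    /^$/ { mail = ""; cert = ""; next }   # a blank line ends an entry
    tolower($1) == "mail:" { mail = tolower($2) }
    /^userCertificate(;binary)?:: / { cert = $2 }
    mail == want && cert != "" { print cert; found = 1; exit }
    END { exit !found }'
}

# Read LDIF on stdin, write the certificate for address $1 to file $2.
fetch_cert() {
  safe_addr "$1" || return 2
  _b64=$(cert_b64_for "$1") || return 1
  printf '%s' "$_b64" | base64 -d > "$2"
}

# Usage sketch; LDAP_URI and LDAP_BASE are placeholders for your directory:
#   ldapsearch -LLL -x -H "$LDAP_URI" -b "$LDAP_BASE" "(mail=$addr)" \
#     mail userCertificate | fetch_cert "$addr" /tmp/cert.der
```

A non-zero return from `fetch_cert` means nothing usable was written, so the import step should be skipped for that user.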