hi,
Connecting to a FreeIPA LDAP host (which uses the 389 Directory Server under the hood), I can successfully retrieve certificates belonging to hosts.
I can then use Crypt::X509 to extract info from them. But how could I get the fingerprints? If I use the Apache Directory Studio LDAP client I can see the MD5 and SHA1 fingerprints of the attribute, but I seem incapable of getting them using my script.
use strict;
use warnings;
use Net::LDAP;
use Crypt::X509;

# $server and $base are set earlier in the script
my $ldap = Net::LDAP->new( $server ) or die "$@";
my $mesg = $ldap->start_tls(
    verify     => 'require',
    sslversion => 'tlsv1',
);
$mesg = $ldap->bind(
    "testuser",
    password => 'pwd',
    version  => 3,
);
my $search = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => '(objectclass=*)',
    attrs  => ['usercertificate'],   # Net::LDAP expects 'attrs', not 'attr'
);
for my $entry ( $search->entries ) {
    # usercertificate comes back as raw DER bytes
    my $cert    = $entry->get_value( 'usercertificate' );
    my $decoded = Crypt::X509->new( cert => $cert );
    if ( $decoded->error ) {
        warn "Error parsing certificate: ", $decoded->error;
        next;   # skip entries whose certificate did not parse
    }
    print "Subject: " . $decoded->subject_cn, "\n";
    print "notafter: " . gmtime( $decoded->not_after ), "\n";
}
So this works, but I see no method to get the fingerprint. Is there a way to get it from the info I get from ldap?
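A certificate fingerprint is not stored in LDAP and is not something Crypt::X509 computes for you; it is simply a message digest (MD5, SHA-1 or SHA-256) over the raw DER bytes that the usercertificate attribute already returns. The following is an added example, not code from the question or from Net::LDAP/Crypt::X509; it assumes a Net::LDAP::Entry is available and uses constructed stand-in bytes in place of a real certificate.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(sha1_hex sha256_hex);

# A fingerprint is a digest of the DER-encoded certificate exactly as the
# directory returns it. Digest the raw attribute value, never PEM text and
# never fields extracted by Crypt::X509.
my %digest_for = (
    md5    => \&md5_hex,
    sha1   => \&sha1_hex,
    sha256 => \&sha256_hex,
);

# Return the colon-separated upper-case form that "openssl x509 -fingerprint"
# and Apache Directory Studio display, e.g. "AB:CD:...".
sub fingerprint {
    my ($der, $alg) = @_;
    my $fn = $digest_for{$alg} or die "unsupported digest: $alg";
    my $hex = uc $fn->($der);
    return join ':', $hex =~ /../g;
}

# Pull the DER bytes out of a Net::LDAP::Entry. 389-ds/FreeIPA may label the
# attribute "userCertificate;binary" (assumption), so try both names.
sub cert_der_from_entry {
    my ($entry) = @_;
    return $entry->get_value('usercertificate;binary')
        // $entry->get_value('usercertificate');
}

# Constructed sample input: arbitrary bytes standing in for a DER certificate.
# With a live search result use: my $der = cert_der_from_entry($entry);
my $der = "\x30\x82\x01\x00" . ("A" x 32);
printf "%-7s %s\n", $_, fingerprint($der, $_) for qw(md5 sha1 sha256);
```

To confirm the result against a copy of the same certificate on disk, compare with `openssl x509 -in cert.pem -noout -fingerprint -sha256`; if the values differ, the bytes being digested are not the DER the directory holds (for example a PEM or base64 form).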