Thursday, August 28, 2008

Blackberry S/MIME Certificates

I've been trying to mash up a way to serve PK certificates (X.509) to Blackberries without the overhead of the whole BES server. It turns out that a very plain OpenLDAP installation (available for most Linux distributions) works very well. The quick start guide is enough to get the server up and running. It took a little work to figure out how to get the certificates pushed into the server. It turns out that they have to be in DER format, while they are normally in PEM format. No problem, OpenSSL takes care of that:

openssl x509 -outform DER -in incert.pem -out outcert.der

Then include the following line in your LDIF file for the user:

userCertificate;binary:< file:///path/to/outcert.der

I finally found that out from here.
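The same PEM-to-DER step and LDIF line, as an added example that is not part of the original post. It goes beyond the post by writing the certificate inline as a base64 `::` value instead of a `:<` file URL, and it checks that the decoded bytes really are one DER SEQUENCE before emitting the record. The DN and the sample bytes are constructed placeholders, not a real entry or certificate.

```python
import base64
import ssl

# Constructed placeholder, NOT a real certificate: a SEQUENCE header that
# declares 256 content bytes, followed by 256 zero bytes.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_DN = "uid=jdoe,ou=people,dc=example,dc=com"  # hypothetical entry

def is_single_der_sequence(data: bytes) -> bool:
    """True if data is exactly one ASN.1 SEQUENCE with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                       # short-form length
        header, body = 2, data[1]
    else:                                    # long form: low 7 bits count length bytes
        n = data[1] & 0x7F
        if n == 0 or len(data) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return len(data) == header + body

def fold(line: str, width: int = 76) -> str:
    """Fold one LDIF line; continuation lines start with a single space."""
    parts = [line[:width]]
    parts += [" " + line[i:i + width - 1] for i in range(width, len(line), width - 1)]
    return "\n".join(parts)

def ldif_for_cert(dn: str, pem: str) -> str:
    """Build an LDIF modify record that adds the certificate as inline base64."""
    der = ssl.PEM_cert_to_DER_cert(pem)      # strips the PEM armor, base64-decodes
    if not is_single_der_sequence(der):
        raise ValueError("decoded data is not a single DER SEQUENCE")
    value = base64.b64encode(der).decode("ascii")
    return "\n".join([
        fold("dn: " + dn),
        "changetype: modify",
        "add: userCertificate;binary",
        fold("userCertificate;binary:: " + value),   # '::' marks a base64 value
        "-",
        "",
    ])

def cert_from_ldif(ldif: str) -> bytes:
    """Unfold the record and return the decoded userCertificate;binary value."""
    for line in ldif.replace("\n ", "").splitlines():
        if line.startswith("userCertificate;binary:: "):
            return base64.b64decode(line.split(":: ", 1)[1])
    raise ValueError("no userCertificate;binary value found")
```

Printing `ldif_for_cert(SAMPLE_DN, SAMPLE_PEM)` shows the folded record; with a real PEM certificate and DN the output is what you would feed to your LDAP modify tool.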

