The LDAP service from GLOBALTRUST
The LDAP service can be used to call up additional information about people via their certificates and the certificate itself. All you need is an LDAP-enabled client or a number of programs support LDAP directly (including Microsoft Outlook and Mozilla Thunderbird)
The LDAP directory at GLOBALTRUST has the following basic structure: Root entry: c=AT,
Organization designation o=GLOBALTRUST or o=A-CERT,
Sub-designation ou=<product name> such as “A-CERT ADVANCED” or “GLOBALTRUST QUALIFIED”</product name>
A maximum of 50 hits are displayed for each search. If no search criterion is specified, the first 50 entries are displayed.
What is LDAP?
Lightweight Directory Access Protocol (LDAP) was created to facilitate the standardized exchange of personal information on the Internet.
It can be very helpful for exchanging certificates, especially for encrypted data transmission, which requires the message recipient’s certificate.
GLOBALTRUST uses the latest LDAP version, LDAPv3, which has been defined in a number of RFCs (including RFC3377, RFC3671, RFC3672, RFC3673, …).
What information does the GLOBALTRUST LDAP service provide?
In addition to the certificate itself (UserCertificate;binary), the following certificate information: serial number (serialNumber), e-mail address (mail) and certificate usage (cn) from the certificate.
Furthermore, additional information from the certificate is issued (if included):
– first name (givenName),
– surname (sn),
– Organization details (acertOrganization),
– location (acertLocation),
– Information about the test certificate (acertTestCertificate), X.509 Extension: If the field is present and “true”, the certificate in this node was created for test purposes,
– Management code according to § 19 E-Gov-G (acert management code), X.509 extension: contained in GLOBALTRUST/A-CERT GOVERNMENT certificates,
– Signature creation unit issued by GLOBALTRUST/A-CERT (acertIssuerInfo), X.509 extension: Information on the hardware signature creation unit used,
– Signature creation unit used by the signer (acertSigneeInfo), X.509 Extension: Information according to the signer on the hardware signature creation unit used,
– Identification number of the signature creation device (acertHWID),
– Revocation indicator (acertRevoked): Field “true” if certificate was revoked,
– Revocation date (acertRevokeDate): time of revocation,
– Provisional revocation date (acertTempHold): Time at which a certificate was provisionally revoked (but not yet finally revoked).
In the LDAP service, only those fields that contain applicable information are displayed, empty fields are not displayed. The LDAP service is updated daily.
Online LDAP search
A web interface for the LDAP search, with which you can easily search our database of public certificates, is in the works.
Open source LDAP client
http://www.ldapbrowser.com/ offers a free LDAP client. However, GLOBALTRUST does not guarantee functionality.
You might be interested in that
While digitization reached almost every aspect of daily work, the necessity for handwritten signatures in B2B environments preserves printing paper its crucial role – and incurs costs. However, by implementing e-signatures, businesses can reduce expenses, streamline processes, and contribute to a more sustainable...
User guide for signing and encrypting emails with the GLOBALTRUST CLIENT certificate on your Apple iPhoneAs of May 10, 2023 1 Basic 1.1 Goals of this document A step-by-step guide on how to add the certificate to your iPhone to then sign and/or encrypt emails. This guide was created for an Apple iPhone (iOS version:...
User guide for signing and encrypting emails using the GLOBALTRUST UPC token V2.0 (issued from May 15, 2023) in Microsoft Outlook.As of May 9, 2023 1 Basics 1.1 Goals of this document A step-by-step guide on how to add the certificate in Microsoft Outlook to sign and/or encrypt emails.These instructions were created...