Hi Stephen,
Thank you for this reply.
We created a second LDAP Identioty Provider (IDP) with the correct property that holds the X-509 certificate.
Now the original IDP shows the X-509 certificate for the records with the userCertificate;binary proeprty, but not the new records with the crossCertificatePair;binary. This new LDAP IDP shows the X-509 certificate for the new records, but obviously not for the 'old' records.
It was our believe that the indexing of the certificates (com.l7tech.server.identity.ldap.LdapCertificateCache) would enable getting the X-509 certificates from both properties.
Did we miss a configuration setting?
Regards,
Peter Oomen.