Full_Name: Pierangelo Masarati Version: HEAD/re24 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (131.175.154.35) Submitted by: ando A certificate in certificateExactAssertion GSER form should be something like (wrapped for readability) { serialNumber 3, issuer rdnSequence:email=ca@example.com,cn=example ca,o=example,st=xx,c=us } according to RFC4523 & RFC3687, as far as I understand it. However, OpenLDAP HEAD uses the form { serialNumber 3, issuer "email=ca(a)example.com,cn=example ca,o=example,st=xx,c=us" } Note the quotes around the DN and the missing "rdnSequence:" prefix. p.