Michael Luich wrote:
> Do userCertificate, userSMIMECertificate, and userPKCS12 store the
> user's public or private key?

'userCertificate' is used solely to store the raw X.509 public-key cert.

'userSMIMECertificate' was meant to store a PKCS#7 blob signed by the entity
itself with the entity's X.509 public-key cert attached. It was possible for
an end-user with Netscape Communicator 4.x to send such a PKCS#7 blob to an
LDAP directory. I don't know any deployment which does that today.

'userPKCS12' contains a PKCS#12 blob which, besides a cert chain, potentially
contains the entity's private key, hopefully all encrypted with a passphrase.
Again: I don't know any deployment which does that. Maybe in some Windows/AD
environment. However, this could be helpful e.g. in a webmail deployment
together with S/MIME support.
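
Added example, not part of the original message: a directory audit that classifies the values of these three attributes by their outer DER structure and flags any value that is a PKCS#12 container, since that is the only one of the three formats that can carry a private key. The function names, the dict-shaped entry and the sample blobs are assumptions made for illustration; the blobs are constructed minimal DER skeletons, and the check is structural only, not a certificate validation.

```python
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
EXPECTED = {  # attribute -> content type as described in the reply above
    "usercertificate": "x509-certificate",
    "usersmimecertificate": "pkcs7-signed-data",
    "userpkcs12": "pkcs12-pfx",
}

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element at off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def classify(blob):
    """Guess the container from the first element inside the outer SEQUENCE."""
    try:
        tag, body, _ = read_tlv(blob)
        if tag != 0x30:
            return "unknown"
        tag, value, _ = read_tlv(body)
    except (IndexError, ValueError):
        return "unknown"
    if tag == 0x02 and value == b"\x03":          # PFX: version INTEGER 3
        return "pkcs12-pfx"
    if tag == 0x06 and value == SIGNED_DATA_OID:  # ContentInfo: signedData
        return "pkcs7-signed-data"
    if tag == 0x30:                               # Certificate: tbsCertificate
        return "x509-certificate"
    return "unknown"

def audit(entry):
    """Return (attribute, finding) pairs for one entry {attr: [bytes, ...]}."""
    findings = []
    for attr, values in entry.items():
        base = attr.split(";")[0].lower()  # drop options such as ";binary"
        for blob in values if base in EXPECTED else []:
            kind = classify(blob)
            if kind == "pkcs12-pfx":
                findings.append((attr, "may hold private key"))
            elif kind != EXPECTED[base]:
                findings.append((attr, "unexpected content: " + kind))
    return findings
```
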