This is a weird one and seems to be browser related.

Steps to Reproduce:
1. Install Directory Server
2. Create backend dc=example,dc=com and import the Example.ldif
3. Get a cert for one of user entries and add it to the entry
1.Go to the Gateway/Phonebook
e.g. http://master:19830/clients/dsgw/bin/lang?context=dsgw 
2.Click Advanced Search tab
3.Search a user (somebody) you want to download the cert file then click to the
link to open it.
4.The "download certificate" link will be display on top of the left side.
5. Click or double clicks to the link to download the file.

So for mozilla or firefox single or double click doesn't pop up the window to
allow you to download the user certificate and add it to your key ring.

On Safari ( or IE - Ben reports ) a single click does pop up the window to allow
you to download the user certificate and add it to your key ring. Now you can
send email to that person using their public key. 

The odd thing that that a right click on mozilla or firefox invokes the window
to download that users public key. 

DS7.2 is not a valid milestone anymore. Anything thats set to DS7.2 should be
set to DS8.0. Will make further changes per bug council on 07/24/2007, after this.

User ble@redhat.com's account has been closed

Created attachment 296266 [details]
diffs

Created attachment 296278 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: The code expects the attribute to be encoded like this -
attrname&mimetype&index.  However, the code was outputtting the & as literal
"&" chars. We need to output them encoded as %26 instead.
With this fix, if I click on the Download Certificate link, and the certificate
is a real email certificate (i.e. not a CA cert or a server cert or some other
type of cert), Firefox 2 will silently install it under Other People's
certificates in the certificate window.  An attempt to use any other type of
cert will silently fail.  NOTE: If you actually want to use this cert in an
email program, you should right click on the link and select Save Link As... to
save the cert in a local file, then import that into your email program.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no

Created attachment 310468 [details]
cvs commit log

Resolves: bug 171353
Bug Description: Unable to download a certificate from Gateway/Phonebook
Reviewed by: trivial
Fix Description: Have to support both "userCertificate;binary" and
"userCertificate"
Platforms tested: HP-UX
Flag Day: no
Doc impact: no

Intalled the binary cert via the console for user scarter; did the <advance
search> for this user via webapps; click <download certificate>; viewing the
downloaded certificat with this command: openssl x509 -inform DER -in
dosearch.html -text (see results below); marking this bug VERIFIED.

[root@dhcp-231 ~]# openssl x509 -in /tmp/dosearch.htm -text -inform DER
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10000 (0x2710)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=redhat, CN=RedHat Subordinate CA Test Cert
        Validity
            Not Before: Jun 19 20:53:43 2008 GMT
            Not After : Dec 19 20:53:43 2009 GMT
        Subject: O=redhat, CN=RedHat Subordinate CA Test Cert
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:af:5b:b5:20:12:46:c9:9c:2d:8d:df:7b:11:c1:
                    61:fa:79:9d:9a:3b:8c:52:81:4b:20:60:b9:43:e4:
                    2c:66:cc:a8:3b:66:bc:8a:3a:1e:f8:fe:af:3d:45:
                    86:34:16:39:7a:73:39:1f:e3:5d:e0:83:f9:3a:1e:
                    aa:0b:67:45:1c:4d:dd:fc:8c:1c:f4:4d:ea:4e:cc:
                    41:20:6e:2a:ce:0a:ef:76:04:37:59:e0:32:2f:64:
                    f4:2c:ea:a9:ad:f7:e2:ef:43:ae:d8:9e:09:62:8d:
                    7c:d2:fe:4d:44:c4:d1:7e:35:51:50:65:bf:85:81:
                    b4:1b:c1:2c:7e:31:1b:4f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:TRUE, pathlen:0
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication,
OCSP Signing
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: md5WithRSAEncryption
        a3:96:30:0f:9d:d5:fa:61:22:94:c6:d6:f6:c3:41:ad:67:5a:
        bb:9b:bc:d5:22:76:cb:3f:78:a8:8e:e2:60:28:72:c7:9a:d2:
        65:a0:5c:3c:62:a3:6e:f0:38:68:3e:db:88:14:2e:a6:df:32:
        cb:6e:4c:26:87:71:6b:3d:ab:5b:70:f8:d1:df:91:fa:d6:59:
        76:0d:d8:46:58:ba:b1:c2:29:b9:48:05:ab:11:9a:70:be:64:
        43:ca:c6:5b:0b:81:fe:40:de:d4:3e:56:b1:e6:f4:77:7d:67:
        cf:ef:49:ca:4b:d4:0f:30:27:e4:98:8a:d5:13:90:81:1f:f4:
        8e:0d
-----BEGIN CERTIFICATE-----
MIICNjCCAZ+gAwIBAgICJxAwDQYJKoZIhvcNAQEEBQAwOzEPMA0GA1UEChMGcmVk
aGF0MSgwJgYDVQQDEx9SZWRIYXQgU3Vib3JkaW5hdGUgQ0EgVGVzdCBDZXJ0MB4X
DTA4MDYxOTIwNTM0M1oXDTA5MTIxOTIwNTM0M1owOzEPMA0GA1UEChMGcmVkaGF0
MSgwJgYDVQQDEx9SZWRIYXQgU3Vib3JkaW5hdGUgQ0EgVGVzdCBDZXJ0MIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvW7UgEkbJnC2N33sRwWH6eZ2aO4xSgUsg
YLlD5CxmzKg7ZryKOh74/q89RYY0Fjl6czkf413gg/k6HqoLZ0UcTd38jBz0TepO
zEEgbirOCu92BDdZ4DIvZPQs6qmt9+LvQ67YnglijXzS/k1ExNF+NVFQZb+FgbQb
wSx+MRtPvQIDAQABo0kwRzAPBgNVHRMECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsG
AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwCwYDVR0PBAQDAgGGMA0GCSqGSIb3
DQEBBAUAA4GBAKOWMA+d1fphIpTG1vbDQa1nWrubvNUidss/eKiO4mAocsea0mWg
XDxio27wOGg+24gULqbfMstuTCaHcWs9q1tw+NHfkfrWWXYN2EZYurHCKblIBasR
mnC+ZEPKxlsLgf5A3tQ+VrHm9Hd9Z8/vScpL1A8wJ+SYitUTkIEf9I4N
-----END CERTIFICATE-----
[root@dhcp-231 ~]#