Create an organizational certificate authority object

We can ceate an NDSPKI:Certificate Authority object during installation of eDirectory by using ConsoleOne.

The subject name, not the object name, must be a valid signatory. The subject name must have an organization field and a country field to be recognized as valid by ISAM. The default subject name is as follows:

0=organizational_entry_name.OU=Organizational DVD

This sample is not a valid signatory. To change it, we must re-create the certificate authority object with a valid subject name. To do so, follow these steps:

Steps

1. Start ConsoleOne.

2. Select the Security container object. Objects are displayed in the right pane of the window.

3. Select the Organization CA object and delete it.
4. Right-click the Security container object again and click New → Object.

5. From the list box in the New Object dialog, double-click NDSPKI: certificate authority. The Create an Organizational Certificate Authority Object dialog is displayed. Follow the online instructions.

6. Select the target server and enter an eDirectory object name.
   For example:
   Host Server Field = C22Knt_NDS.AM
   
   Object Name Field = C22KNT-CA

7. In Creation Method, select Custom.

8. Click Next. Depending on the installed version of Novell eDirectory, two more screens might display.

9. Click Next twice to continue.

10. Accept the default Subject name or enter a valid distinguished name for the certificate authority being defined. All certificates generated by the certificate authority are placed in this location.
11. The Organizational certificate authority is displayed in ConsoleOne as C22KNT-CA.

Parent topic: SSL access on Novell eDirectory server