Creating Server Certificate Objects

Server Certificate objects are created in the container that holds the server's eDirectory object. Depending on your needs, you might create a separate Server Certificate object for each cryptography-enabled application on the server. Or you might create one Server Certificate object for all applications used on that server.

NOTE:  The terms Server Certificate Object and Key Material Object (KMO) are synonymous. The schema name of the eDirectory object is NDSPKI:Key Material.

The Novell Certificate Server installation process can create a Server Certificate object for you. You will be prompted to specify a Server Certificate object name. When you click Finish, the Server Certificate object is created with the default parameters and placed in the container where the target server resides.

If you want more control over the creation of the Server Certificate object, you can create the Server Certificate object manually using ConsoleOne or Novell iManager. You can also create additional Server Certificate objects.

To create additional Server Certificate objects using ConsoleOne:

  1. Log in to the eDirectory tree as an administrator with the appropriate rights.

    To view the appropriate rights for this task, see Creating Server Certificate objects.

  2. Start ConsoleOne.

  3. Right-click the container object that contains the server that will run your cryptography-enabled applications, then click New > Object.

  4. From the list box in the New Objects dialog box, double-click NDSPKI:Key Material.

    This opens the Create a Server Certificate dialog box and the corresponding wizard that creates the Server Certificate object. Follow the prompts to create the object. For specific information on the dialog box or any of the wizard pages, click Help.

To create additional Server Certificate objects using Novell iManager:

  1. Launch Novell iManager.

  2. Log in to the eDirectory tree as an administrator with the appropriate rights.

    To view the appropriate rights for this task, see Creating Server Certificate objects.

  3. From the Roles and Tasks menu, click PKI Certificate Management > Create Server Certificate.

    This opens the Create a Server Certificate dialog box and the corresponding wizard that creates the Server Certificate object. Follow the prompts to create the object. For specific information on the dialog box or any of the wizard pages, click Help.


Hints for Creating Server Certificates

During the Server Certificate object creation process, you will be prompted to name the key pair and choose the server that the key pair will be associated with. The Server Certificate object is generated by Novell Certificate Server, and its name is based on the key pair name that you choose.

If you choose the Custom creation method, you will also be prompted to specify whether the Server Certificate object will be signed by your organization's Organizational Certificate Authority or by an external Certificate Authority. For information about making this decision, see Deciding Which Type of Certificate Authority to Use .

If you decide to use your organization's Organizational CA, the server that the Server Certificate object is associated with must be able to communicate with the server that hosts the Organizational CA, or it must be the same server. These servers must be running the same protocol (IP/IPX).

If you decide to use an external Certificate Authority to sign the certificate, the server that the Server Certificate object is associated with will generate a certificate signing request that you will need to submit to the external Certificate Authority.

After the certificate is signed and returned to you, you will need to install it into the Server Certificate object, along with the trusted root for the external Certificate Authority. For specific information on any of the wizard pages, click Help.

After you have created the Server Certificate object, you can configure your applications to use it. (See Configuring Cryptography-Enabled Applications .) Keys are referenced in the application's configuration by the key pair name that you entered when you created the Server Certificate object.