LDAP authentication, as described in Section 36.3.4, Providing LDAP Authentication for GroupWise Users, relies on the presence of a trusted root certificate (often named rootcert.der) located on your LDAP server. A trusted root certificate is automatically created for a server when you install eDirectory on that server. However, circumstances might arise where you need to create one manually. You can do this in ConsoleOne.
1. Make sure that Novell International Cryptography Infrastructure (NICI) is installed on the workstation where you run ConsoleOne.
   If necessary, you can download NICI from the Novell Product Downloads site.
2. In ConsoleOne, click and verify that the following snap-ins are installed:
   - Novell LDAP
   - Novell Certificate Server
   - Novell Modular Authentication Services (NMAS)
   You can download these snap-ins from the Novell Product Downloads site. After these snap-ins are installed, you can generate a trusted root certificate for the LDAP server.
3. In ConsoleOne, check the current SSL/TLS configuration of the LDAP server:
   a. Browse to and right-click the LDAP Server object in your eDirectory tree (typically named LDAP Server - server_name), then click .
   b. Click .
   c. Note the name of the server certificate (typically SSL CertificateDNS).
   d. Make sure that is not selected.
4. Export a trusted root certificate:
   a. Browse to and right-click the SSL Certificate object identified in Step 3.c, then click .
   b. Click .
   c. Click , then click .
   d. Click .
   e. When asked if you want to export the private key with the certificate, select , then click .
   f. In the box, select .
   g. In the field, specify the full path and file name for the trusted root certificate.
      IMPORTANT: For use with GroupWise, the name of the trusted root certificate file can consist of 8 characters plus the .der extension. It cannot be a long file name. The most convenient location for the trusted root certificate for use with GroupWise is in the directory where the POA software is installed. By default, the POA looks for a file named ngwkey.der.
   h. Click , then click .

You are now ready to configure the POA for LDAP authentication, as described in Section 36.3.4, Providing LDAP Authentication for GroupWise Users.
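Before pointing the POA at the exported file, it is worth confirming that the export produced what the procedure above describes: a binary DER certificate with a short file name. The following check is an added example, not part of the Novell documentation; the function names are hypothetical, the name rule is read as "at most 8 characters plus .der", and it inspects ASN.1 framing only (it does not validate the certificate chain).

```python
import re

def der_length(data, pos):
    """Decode the DER length at data[pos]; return (length, offset of contents)."""
    first = data[pos]
    if first < 0x80:                       # short form: length is the octet itself
        return first, pos + 1
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(data):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def check_trusted_root(filename, data):
    """Return a list of problems; an empty list means the export looks usable."""
    problems = []
    name = re.split(r"[\\/]", filename)[-1]    # accept Windows or Linux paths
    base, dot, ext = name.rpartition(".")
    if not dot or ext.lower() != "der" or not 1 <= len(base) <= 8:
        problems.append("name must be at most 8 characters plus .der")
    if data.lstrip().startswith(b"-----BEGIN"):
        problems.append("file is PEM (Base64) text, not binary DER")
        return problems
    try:
        if len(data) < 2 or data[0] != 0x30:
            raise ValueError("file does not start with an ASN.1 SEQUENCE")
        length, body = der_length(data, 1)
        if body + length != len(data):
            raise ValueError("outer SEQUENCE length does not match file size")
        # An X.509 Certificate opens with the tbsCertificate SEQUENCE (0x30);
        # a PKCS#12 container opens with an INTEGER version (0x02) instead.
        if length == 0 or data[body] != 0x30:
            raise ValueError("not an X.509 certificate")
    except ValueError as exc:
        problems.append(str(exc))
    return problems

# Constructed samples: real outer framing, zero-filled bodies (not real certificates).
SAMPLE_CERT = b"\x30\x81\x83" + b"\x30\x81\x80" + bytes(128)
SAMPLE_PKCS12 = b"\x30\x81\x83" + b"\x02\x01\x03" + bytes(128)

if __name__ == "__main__":
    print(check_trusted_root("ngwkey.der", SAMPLE_CERT))
    print(check_trusted_root("trustedroot.der", SAMPLE_PKCS12))
```

To check a real export, read the file in binary mode and pass its path and bytes to `check_trusted_root`.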