6.1 Configuring the Publisher Channel

  1. Create a server certificate in iManager.

    1. In the Roles and Tasks view, click Novell Certificate Server > Create Server Certificate.

    2. Browse to and select the server object where the SOAP driver is installed.

    3. Specify a certificate nickname.

    4. Select Standard as the creation method, then click Next.

    5. Click Finish, then click Close.

  2. Export a self-signed certificate from the certificate authority in eDirectory™.

    1. In the Roles and Tasks view, click Directory Administration > Modify Object.

    2. Select your tree’s certificate authority object, then click OK.

      It is usually found in the Security container and is named something like TREENAME CA.Security.

    3. Click Certificate > Self Signed Certificate.

    4. Click Export.

    5. When asked if you want to export the private key with the certificate, click No, then click Next.

    6. Based on the client to be accessing the Web service, select either File in binary DER format or File in Base64 format for the certificate, then click Next.

      If the client uses a Java-based keystore or trust store, then you can choose either format.

    7. Click Save the exported certificate to a file.

    8. Click Save and browse to a known location on your computer.

    9. Click Save, then click Close.

  3. Import the self-signed certificate into the client’s trust store:

    The steps to import the certificate vary depending on the client that connects to the Publisher channel’s HTTPS listener. If the client uses a typical Java keystore, you can perform the following steps to create the keystore:

    1. Use the keytool executable that is included with any Java JDK*.

      For more information on keytool, see Keytool - Key and Certificate Management Tool.

    2. Enter the following command at a command prompt:

      keytool -import -file name_of_cert_file -trustcacerts -noprompt 
      -keystore filename -storepass password        
      

      For example:

      keytool -import -file tree_ca_root.b64 -trustcacerts -noprompt -keystore dirxml.keystore -storepass novell
      
  4. Configure the Publisher channel to use the server certificate you created in Step 1:

    1. In iManager, in the Roles and Tasks view, click Identity Manager > Identity Manager Overview.

    2. Locate the driver set containing the SOAP driver, then click the driver’s icon to display the Identity Manager Driver Overview page.

    3. In the Identity Manager Driver Overview page, click the driver’s icon again, then scroll to Publisher Settings.

    4. In the KMO name setting, specify the certificate nickname you used in Step 1.

  5. Click Apply, then click OK.