Generating the Signing Request
1. Log in to eDirectory as an administrator using iManager 2.7.0.
2. Browse to the Novell Certificate Server role.
3. Click on the Create Server certificate task.
The Server Certificate Creation wizard appears as shown below.
Figure 1 – Create Server Certificate wizard
4. Provide the LDAP server name and the Nickname.
5. Select the Custom option.
6. Click Next.
A web page appears, displaying two options to generate the certificate signing request.
The options are:
1) Use the Novell Organizational CA to sign the certificate signing request.
2) Use an External certificate authority to the certificate signing request.
7. Because the objective is to obtain a certificate from the third party CA, select External certificate authority.
8. Click Next.
Figure 2 – Selecting the external certificate authority
9. In the key size selection window, select the key size of the public/private keys to be generated by Novell security software.
10. Click Next.
The larger the key size, the greater the security that can be provided for communications.
Figure 3 – Specifying the private key
A web page containing subject name that is to be displayed on the X509 certificate appears.
11. Type the correct subject name for LDAP Server and click Next.
Figure 4 – Certificate parameters
Now all the details (Subject name, key pair size, certificate name) of the certificate signing request for the eDirectory SP2 LDAP server are displayed as shown as below.
Figure 5 – Parameter display
12. Click Finish button to obtain the Certificate signing request.
The certificate signing request is displayed as shown as below.
13. Save the CSR to disk.
Figure 6 – CSR results
Next, you need to create a trusted root container and trusted root in eDirectory to explicitly trust the third party CA. To do so,
14. In iManager2.7.0, browse to Novell certificate server role and click on trusted root container. The following web page appears.
Figure 7 – Creating the Trusted Root Container
14. Give a name for the trusted root container and select context as “Security”.
15. Click OK.
The Security container is successfully created.
16. Browse to the Novell certificate server.
17. Click on the trusted root to import the third-party CA certificate into eDirectory trusted certificates.
18. Provide the CA certificate obtained from CA to eDirectory as follows, and finish the wizard.
Figure 8 – Creating the Trusted Root
Obtaining an x509 Certificate from a Third-party CA