Trusted Root Object Tasks


Creating a Trusted Root Container

This task is described in Chapter 2. See Creating a Trusted Root Container.


Creating a Trusted Root Object

This task is described in Chapter 2. See Creating Trusted Root Objects.


Viewing a Trusted Root Object's Properties

In addition to the eDirectory rights and properties that are viewable with any eDirectory object, you can also view properties specific to the Trusted Root object, including the issuer, the certificate status, and the validation period.

These properties provide you with the information you need to perform any task related to this object.

  1. Log in to the eDirectory tree as an administrator with the appropriate rights.

    To view the appropriate rights for this task, see Viewing a Trusted Root object's properties.

  2. Start ConsoleOne.

  3. Open the Trusted Root Container that hosts the Trusted Root object.

  4. Double-click the Trusted Root object.

    This brings up the property pages for the Trusted Root object.

  5. Click each tab that you want to view.

  6. Click Cancel.


Replacing a Trusted Root Certificate

This task allows you to replace a Trusted Root Certificate that is stored in the Trusted Root object. This task should be performed if the Trusted Root Certificate has expired.

You can replace a Trusted Root Certificate from the Trusted Root object's property page.

  1. Log in to the eDirectory tree as an administrator with the appropriate rights.

    To view the appropriate rights for this task, see Replacing a trusted root certificate.

  2. Start ConsoleOne.

  3. Open the Trusted Root Container that hosts the Trusted Root object.

  4. Double-click the Trusted Root object.

    This brings up the property pages for the Trusted Root object.

  5. Click the Trusted Root tab.

  6. Click Replace.

    This opens the Replace a Trusted Root Certificate Wizard that helps you replace the Trusted Root Certificate. For specific information on the wizard pages, click Help.

  7. Click Cancel.


Validating a Trusted Root Object

If you suspect a problem with a certificate or think that it might no longer be valid, you can easily validate the certificate using ConsoleOne. Any certificate in the eDirectory tree can be validated, including certificates issued by external CAs.

The certificate validation process includes several checks of the data in the certificate as well as the data in the certificate chain. A certificate chain is composed of a root CA certificate and, optionally, the certificates of one or more intermediate CAs. The certificate chain for a certificate signed by your Organizational CA is composed of one certificate, which is the Organizational CA's self-signed certificate. Externally signed user and server certificates may have longer chains.

A result of Valid means that all certificates in the certificate chain were found to be valid. Certificates are considered valid if they pass a predefined set of criteria including whether the current time is within the validity period of the certificate, whether it has not been revoked, and whether it has been signed by a CA that is trusted. Only those certificates with a CRL distribution point extension are checked for revocation.

A result of Invalid means that one or more certificates in the certificate chain were found to be invalid or their validity could not be determined. Additional information is provided in these cases about which certificate is considered invalid and why. Click Help for more information about the reason.

To validate a certificate:

  1. Log in to the eDirectory tree as an administrator with the appropriate rights.

    To view the appropriate rights for this task, see Validating a trusted root certificate.

  2. Start ConsoleOne.

  3. Double-click the trusted root object that hosts the certificate you want to validate.

  4. Click the Trusted Root tab.

  5. Click Validate.

    The Certificate Validation screen appears and shows the status of the certificate.

  6. Click OK to exit.

NOTE: If the certificate in the object is not self-signed, its certificate chain must be in the Trusted Roots container in the Security container for the validation to succeed. Typically, the certificate chain consists of a single root-level CA, or of an Intermediate CA and a root-level CA. The name of the Trusted Roots container must be Trusted Roots, and each certificate in the chain must be stored in its own Trusted Root object. For instructions on how to create a Trusted Roots container and Trusted Root objects, see Creating a Trusted Root Container and Creating a Trusted Root Object.
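The same three criteria that the Validate button applies (signed by a trusted CA, current time inside the validity period, revocation checked only when a CRL distribution point is present) can be reproduced outside ConsoleOne with the openssl command line. The script below is an added example, not part of the Novell documentation or product; it constructs a throwaway root CA, an unrelated untrusted CA and a server certificate in a temporary directory, then checks them with openssl verify. All names, lifetimes and paths are assumptions.

```shell
#!/bin/sh
# Added example: mimic ConsoleOne's certificate validation with the openssl CLI.
# Everything below is constructed on the fly; nothing refers to a real tree.
set -e
WORK="$(mktemp -d)"

# Trusted root: a self-signed CA valid for one year, standing in for the
# Organizational CA certificate held in a Trusted Root object.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Constructed Org CA" \
  -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
# A second self-signed CA that is deliberately NOT in our trust store.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Untrusted CA" \
  -keyout "$WORK/other.key" -out "$WORK/other.pem" 2>/dev/null
# Server certificate issued by the trusted root, valid for 30 days.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
  -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
openssl x509 -req -days 30 -in "$WORK/srv.csr" -CA "$WORK/root.pem" \
  -CAkey "$WORK/root.key" -CAcreateserial -out "$WORK/srv.pem" 2>/dev/null

# validate_cert CERT ROOTSTORE [EPOCH]
# Builds the chain from CERT to a certificate in ROOTSTORE and checks every
# certificate's validity period at EPOCH (default: now).
# Exit status 0 corresponds to a result of Valid, non-zero to Invalid.
validate_cert() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$2" -attime "$3" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  fi
}

# has_crl_dp CERT: true when the certificate carries a CRL distribution point
# extension, i.e. when a revocation check would be performed at all.
has_crl_dp() {
  openssl x509 -in "$1" -noout -text | grep -q "X509v3 CRL Distribution Points"
}

now="$(date +%s)"
validate_cert "$WORK/srv.pem" "$WORK/root.pem" \
  && echo "chain ends at a trusted root, inside validity period: Valid"
validate_cert "$WORK/srv.pem" "$WORK/other.pem" \
  || echo "issuer not in the trust store: Invalid"
validate_cert "$WORK/srv.pem" "$WORK/root.pem" $((now + 60 * 86400)) \
  || echo "evaluated 60 days out, past the 30-day validity period: Invalid"
has_crl_dp "$WORK/srv.pem" \
  || echo "no CRL distribution point: revocation is not checked"
```

Each check runs offline; in a real tree the root store would be the certificates exported from the Trusted Root objects rather than a freshly generated CA.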


