Creating an Organizational Certificate Authority Object

By default, the Novell Certificate Server installation process will create the Organizational Certificate Authority (CA) for you. You will be prompted to specify an Organizational CA name. When you click Finish, the Organizational CA is created with the default parameters and placed in the Security container.

If you want more control over the creation of the Organizational CA, you can create the Organizational CA manually using ConsoleOne® or Novell iManager. Also, if you delete the Organizational CA, you will need to re-create it.

IMPORTANT:  During the creation process, you will be prompted to name the Organizational Certificate Authority object and to choose a server on which the Certificate Authority service will run.

Select a server that is physically secure, that will be available when needed to perform signing operations, that runs a protocol that is compatible with the other servers in your organization (for example, IP, IPX™, IP/IPX), and that runs only software that you trust. It is important that your server meet these conditions because the Organizational Certificate Authority object is the centerpiece of your PKI system: if the server that contains the object is compromised, your entire PKI system could be compromised as well.

To create the Organizational Certificate Authority object using ConsoleOne:

  1. Log in to the eDirectory tree as an administrator with the appropriate rights.

    To view the appropriate rights for this task, see Creating an Organizational CA.

  2. Start ConsoleOne.

  3. Expand the eDirectory tree where you want to create the Organizational Certificate Authority.

    This reveals the Security container object.

  4. Right-click the Security container object, then click New > Object.

  5. From the list box in the New Object dialog box, double-click NDSPKI:Certificate Authority.

    This opens the Create an Organizational Certificate Authority Object dialog box and the corresponding wizard that creates the object. Follow the prompts to create the object. For specific information on the dialog box or any of the wizard pages, click Help.

To create the Organizational Certificate Authority object using Novell iManager:

  1. Launch Novell iManager.

  2. Log in to the eDirectory tree as an administrator with the appropriate rights.

    To view the appropriate rights for this task, see Creating an Organizational CA.

  3. From the Roles and Tasks menu, click PKI Certificate Management > Create Certificate Authority.

    This opens the Create an Organizational Certificate Authority Object dialog box and the corresponding wizard that creates the object. Follow the prompts to create the object. For specific information on the dialog box or any of the wizard pages, click Help.

NOTE:  You can have only one Organizational CA for your eDirectory tree.


