This list provides the specific entry rights an administrator needs to manage Novell® Certificate Server tasks within an eDirectory® tree. These rights are the minimum entry rights needed.
This list should also be helpful to the administrator who wants to grant rights to another user to manage part or all of company's certificate authority and certificate management needs.
Install Novell Certificate Server |
For the first installation to an NDS® tree: - Supervisor at the [Root] of the tree
For subsequent installations: - Supervisor to the W0 object
|
Creating an Organizational CA |
- Supervisor on the Security container
|
Viewing the Organizational CA's properties and certificates |
- Browse on the Organizational CA's object
|
Exporting the Organizational CA's certificate(s) |
- Browse on the Organizational CA's object
|
Issuing a public key certificate |
- Read to the NDSPKI:Private Key on the Organizational CA's object
|
Backing up and restoring an Organizational CA |
- Supervisor on the Organizational CA's object
|
Moving the Organizational CA to a different server |
- Supervisor on the Organizational CA's object
|
Validating the Organizational CA's Certificates |
- Browse on the Organizational CA's object
|
Replacing the Organizational CA |
- Supervisor on the Organizational CA's object
|
Deleting the Organizational CA |
- Delete on the Organizational CA's object
|
Creating Server Certificate objects |
- Supervisor on the server's container
- Read to the attribute NDSPKI:Private Key on the Organizational CA's object (only if using the Org. CA)
|
Importing a public key certificate into a Server Certificate object |
- Write to the attribute NDSPKI:Public Key Certificate on the Server Certificate object
- Write to the attribute NDSPKI:Certificate Chain on the Server Certificate Object
|
Deleting a Server Certificate object |
- Delete on the Server Certificate object
|
Exporting a Trusted Root or Public Key Certificate from a Server Certificate object |
- Browse on the Server Certificate object
|
Viewing the Server Certificate object's properties and certificates |
- Browse on the Server Certificate object
|
Backing up and restoring a Server Certificate object |
- Supervisor on the server object that owns the Server Certificate object to back-up
- Create on the server object's container to restore.
|
Validating Server Certificates |
- Browse on the Server Certificate object
|
Replacing a server certificate's keying material |
- Write to the attribute NDSPKI:PrivateKey on the server certificate object
|
Creating user certificates |
- Read to the attribute NDSPKI:Private Key on the Organizational CA object
- Read and Write to the attribute NDSPKI:userCertificateInfo on the User object
- Read and Write to the attribute SAS:SecretStore on the User object
- Read and Write to the attribute userCertificate on the User object
|
Importing a public key certificate into a User object |
- Read and Write on the attribute NDSPKI:userCertificateInfo on the User object
- Read and Write to the attribute NDSPKI:userCertificate on the User object
|
Viewing a user certificate's properties |
- Browse on the User object
|
Exporting a user certificate |
- Browse on the User object
|
Exporting a user's private key and certificate |
- You must be logged in as the user.
|
Deleting a user certificate and private key |
- Read and Write to NDSPKI:userCertificateInfo
- Read and Write to userCertificate
|
Validating User Certificates |
- Browse on the User object
|
Creating a Trusted Root Container |
- Create on the Security container
|
Creating a Trusted Root object |
- Create on the Trusted Root Container in which the Trusted Root object will reside
|
Viewing a Trusted Root object's properties |
- Browse on the Trusted Root object
|
Replacing a trusted root certificate |
- Read and Write to NDSPKI:Not After on the Trusted Root object
- Read and Write to NDSPKI:Not Before on the Trusted Root object
- Read and Write to NDSPKI:Subject Name on the Trusted Root object
- Read and Write to NDSPKI:Trusted Root Certificate on the Trusted Root object
|
Validating a trusted root certificate |
- Browse on the Trusted Root object
|
Deleting a Trusted Root object |
- Delete on the Trusted Root object
|
Creating a CRL Object |
- Create to the container that the cRLDistributionPoint object will be created in
|
Importing a third-party CRL |
- Write to the attribute certificateRevocationList
|
Exporting a third-party CRL |
- Read from the attribute certificateRevocationList
|
Replacing a third-party CRL |
|
Viewing a third-party CRL |
- Browse to the attribute certificateRevocationList
|
Creating a Security container |
- Create at the root of the eDirectory tree
|
Creating a SAS service object |
- Supervisor on the object's container
- Write to the attribue SAS:Service DN on the server that the object is being created
|