Creating an Organizational Certificate Authority Object

By default, the Novell Certificate Server installation process creates the Organizational Certificate Authority (CA) for you. You are prompted to specify an Organizational CA name. When you click Finish, the Organizational CA is created with the default parameters and placed in the Security container.

If you want more control over the creation of the Organizational CA, you can create the Organizational CA manually using ConsoleOne® or Novell iManager. Also, if you delete the Organizational CA, you will need to re-create it.

IMPORTANT:  During the creation process, you are prompted to name the Organizational Certificate Authority object and to choose a server on which the Certificate Authority service will run.

Select a server that is physically secure, that will be available when needed to perform signing operations, that runs a protocol that is compatible with the other servers in your organization (for example, IP, IPX™, IP/IPX), and that only runs software that you trust. It is important that your server meet these conditions because the Organizational Certificate Authority object is the centerpiece of your PKI system. If the server that contains the object is compromised, your entire PKI system could be compromised as well.

To create the Organizational Certificate Authority object using ConsoleOne:

  1. Log in to the eDirectory tree as an administrator with the appropriate rights.

    To view the appropriate rights for this task, see Entry Rights Needed to Perform Tasks.

  2. Start ConsoleOne.

  3. Expand the eDirectory tree where you want to create the Organizational Certificate Authority.

    This reveals the Security container object.

  4. Right-click the Security container object, then click New > Object.

  5. From the list box in the New Object dialog box, double-click NDSPKI:Certificate Authority.

    This opens the Create an Organizational Certificate Authority Object dialog box and the corresponding wizard that creates the object. Follow the prompts to create the object. For specific information on the dialog box or any of the wizard pages, click Help.

To create the Organizational Certificate Authority object using Novell iManager:

  1. Launch Novell iManager.

  2. Log in to the eDirectory tree as an administrator with the appropriate rights.

    To view the appropriate rights for this task, see Entry Rights Needed to Perform Tasks.

  3. From the Roles and Tasks menu, click Novell Certificate Server > Create Certificate Authority.

    This opens the Create an Organizational Certificate Authority Object dialog box and the corresponding wizard that creates the object. Follow the prompts to create the object. For specific information on the dialog box or any of the wizard pages, click Help.

NOTE:  You can have only one Organizational CA for your eDirectory tree.