Install Novell Certificate Server |
For the first installation to an eDirectory® tree:
- Supervisor at the [Root] of
the tree
For subsequent installations:
- Supervisor to the W0 object
- Rights needed to create a Server Certificate object
If a user doesn't have the rights to create a Server Certificate
object, the installation finishes, but the Server Certificate objects wil
need to be created manually by someone with the appropriate rights
and applications that use these certificates will need to be manually
configured.
|
Creating an Organizational CA |
- Supervisor on
the Security container
|
Viewing the Organizational CA's properties
and certificates |
- Browse on the
Organizational CA's object
|
Exporting the Organizational CA's certificate(s) |
- Browse on the
Organizational CA's object
|
Issuing a public key certificate |
|
Backing up and restoring an Organizational
CA |
- Supervisor on
the Organizational CA's object
|
Moving the Organizational CA to a different
server |
- Supervisor on
the Organizational CA's object
|
Validating the Organizational CA's Certificates |
- Browse on the
Organizational CA's object
|
Replacing the Organizational CA |
- Supervisor on
the Organizational CA's object
|
Deleting the Organizational CA |
- Delete on the
Organizational CA's object
|
Creating Server Certificate objects |
- Supervisor on
the server's container
|
Importing a public key certificate into
a Server Certificate object |
- Write to the
attribute NDSPKI:Public Key Certificate on
the Server Certificate object
- Write to the attribute NDSPKI:Certificate Chain on
the Server Certificate Object
|
Deleting a Server Certificate object |
- Delete on the
Server Certificate object
|
Exporting a Trusted Root or Public Key
Certificate from a Server Certificate object |
- Browse on the
Server Certificate object
|
Viewing the Server Certificate object's
properties and certificates |
- Browse on the
Server Certificate object
|
Backing up and restoring a Server Certificate object |
- Supervisor on
the server object that owns the Server Certificate object to back-up
- Create on the server object's container to restore.
|
Validating Server Certificates |
- Browse on the
Server Certificate object
|
Revoking Server Certificates |
- Read to the CA
Private Key or Delete on the Server Certificate object or Supervisor
on the Host Server (i.e. NCP Server object)
|
Replacing a server certificate's keying
material |
- Write to the
attribute NDSPKI:PrivateKey on the server certificate
object
|
Creating user certificates |
|
Importing a public key certificate into
a User object |
- Read and Write
on the attribute NDSPKI:userCertificateInfo on
the User object
- Read and Write to the attribute NDSPKI:userCertificate on
the User object
|
Viewing a user certificate's properties |
- Browse on the
User object
|
Exporting a user certificate |
- Browse on the
User object
|
Exporting a user's private key and certificate |
- You must be logged
in as the user.
|
Deleting a user certificate and private
key |
- Read and Write
to NDSPKI:userCertificateInfo
- Read and Write to userCertificate
|
Validating User Certificates |
- Browse on the
User object
|
Revoking User Certificates |
- Read to the CA
Private Key or Delete on the User Object or be logged-in as the
User and Write to the userCertificate attribute
|
Creating a Trusted Root Container |
- Create on the
Security container
|
Creating a Trusted Root object |
- Create on the
Trusted Root Container in which the Trusted Root object will reside
|
Viewing a Trusted Root object's properties |
- Browse on the
Trusted Root object
|
Replacing a trusted root certificate |
- Read and Write
to NDSPKI:Not After on the Trusted Root object
- Read and Write to NDSPKI:Not
Before on the Trusted Root object
- Read and Write to NDSPKI:Subject Name on the
Trusted Root object
- Read and Write to NDSPKI:Trusted Root Certificate on
the Trusted Root object
|
Validating a trusted root certificate |
- Browse on the
Trusted Root object
|
Revoking a trusted root certificate |
- Read to the CA
Private Key or Delete on the Trusted Root Object
|
Deleting a Trusted Root object |
- Delete on the
Trusted Root object
|
Creating a CRL Container |
- Supervisor on
the Security container
- Write to the attribute ndspkiCRLContainerDN on
the Organizational CA’s object
|
Deleting a CRL Container |
- Delete on the
CRL container
|
Creating a CRL Configuration object |
- Supervisor on
the CRL container
|
Activating a CRL Configuration object |
- Write to the
attribute ndspkiCRLConfigurationDNList on the Organizational
CA’s object
|
Viewing and/or Modifying a CRL
Configuration object's Properties |
Modifying
- Supervisor on the CRL Configuration
object or
or
- Write to the attribute being modified on the CRL
Configuration object
Viewing
- Browse on the CRL Configuration object
|
Deleting a CRL Configuration object |
- Delete on the
CRL Configuration object
|
Creating a CRL object |
- Supervisor of
the CRL Configuration object
|
Exporting a CRL file |
- Read from the
attribute certificateRevocationList
|
Replacing a CRL file |
|
Viewing a CRL object's properties |
- Browse to the
attribute certificateRevocationList
|
Deleting a CRL object |
- Delete on the
CRL Distribution Point
|
Creating a Security container |
- Create at the
root of the eDirectory tree
|
Creating a SAS service object |
- Supervisor on
the object's container
- Write to the attribue SAS:Service DN on
the server that the object is being created
|