Syntax

    #include "npki.h"
    
    NWRCODE NPKIStoreServerCertificates(
       const NPKIContext    context, 
       const unicode       *serverDN,
       const unicode       *certificateName,
       const nuint32        flags,
       const nuint32        trustedRoot,
       const pnuint8        certificate,
       const nuint32        certificateLen,
       void                *reserved1,
       void                *reserved2);
     
    

Parameters

context

(IN) Specifies the NPKI context for the request.

serverDN

(IN) Specifies the FDN of the eDirectory server (that is, the server for which the certificate(s) are stored).

certificateName

(IN) Specifies which server certificate you want to store.

flags

(IN) Specifies which certificates are stored. The flags currently defined are:

• PKI_CHAIN_CERTIFICATE—Store the certificate chain.
• PKI_TRUSTED_ROOT_CERTIFICATE—Store the trusted root.
• PKI_SELF_SIGNED_CERTIFICATE—Store the self-signed certificate.
• PKI_OBJECT_KEY_CERTIFICATE—Store the object certificate.
• PKI_WAIVE_SUBJECT_NAME_IN_CERTIFICATE—Normally NPKIStoreServerCertificates checks that the requested name and the subject name in the certificate match. This optional flag waives the check, enabling the certificate to be stored even if the requested name and certificate name are dissimilar.

NOTE:The flags PKI_CHAIN_CERTIFICATE, PKI_TRUSTED_ROOT_CERTIFICATE, and PKI_SELF_SIGNED_CERTIFICATE are mutually exclusive. In addition, PKI_OBJECT_KEY_CERTIFICATE and PKI_TRUSTED_ROOT_CERTIFICATE are also mutually exclusive.

trustedRoot

(IN) Specifies which certificate to mark as the trusted root. Use one of the following defines:

• PKI_ORG_CA_CERTIFICATE—Use the self-signed organizational certificate as the trusted root. This is the most commonly used option.

  NOTE:This is the default flag developers typically should use.

• PKI_NOVELL_CERTIFICATE—Use the Novell Root Certifier Certificate as the trusted root. (Use this option only if your software can natively understand and process the Novell Security Attributes extension.)

  NOTE:If PKI_NOVELL_CERTIFICATE is used, the developer's relying software must be configured to handle the Novell Security Attributes extension (see Section 4.16, X.509 Extensions).

certificate

(IN) (Optional) Specifies a DER-encoded X.509 certificate.

NOTE:If the certificate parameter is not used, you must call NPKIGetCACertificates immediately before calling NPKIStoreServerCertificates.

certificateLen

(IN) (Optional) Specifies the length of the certificate, if present.

reserved1

Reserved for future use.

reserved2

Reserved for future use.

Return Values

Returns 0 if successful, or an eDirectory, PKI, or NetWare error code if not successful.

PKI NCP Calls

0x2222 93 07 Store Certificate

Remarks

Two of the three modes of calling NPKICreateServerCertificate require subsequent calls to NPKIStoreServerCertificates.

In the two server mode, after successfully calling NPKICreateServerCertificate, you should call NPKIGetCACertificates to retrieve the CA’s self-signed certificate. Then you should call NPKIStoreServerCertificates to store the certificates.

NPKIStoreServerCertificates combines the CA’s object certificate and certificate chain to form the certificate chain for the server.

In the external certificate authority mode, two calls to NPKIStoreServerCertificates should be made. One call should store the certificate chain and the other should store the newly created certificate. The certificates and certificateLen parameters provide the capability to send in a certificate to be stored.

See Also

NPKICertificateList, NPKICreateServerCertificate, NPKIFindServerCertificateNames, NPKIGetCACertificates, NPKIServerCertificateName, NPKIStoreServerCertificatesFromCertificateList