2.5 Creating User Certificates

The first step in creating a user certificate is to find a CA and retrieve information from it. The second step is to find a key generation server and retrieve information from it. The third step is to determine the certificate's attributes and extensions using the information from the previous two steps and user input.

  1. Find the CA by calling NPKIFindOrganizationalCA. Then call these accessor functions:

  2. Only servers holding a writeable partition that contains the user's object can create certificates for the user. Call NPKIFindKeyGenServersForUser to find a server that holds this partition. After a successful return, you can use the following accessor functions:

    • NPKIServerNames—to retrieve the servers' DNs
    • NPKIGetServerInfo—to get the supported key generation algorithm and to determine whether the key generation server is the same server as the CA server
    • NPKIGetAlgorithmInfo—to get the maximum supported key generation sizes
  3. Determine the certificate attributes and extensions, then create the user certificate by calling NPKICreateUserCertificate.
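The server-selection decision in step 2 is the part of this procedure that is easy to get wrong: a key generation server is only usable if it holds a writeable replica of the partition containing the user's object and if the key size you intend to request does not exceed the maximum reported by NPKIGetAlgorithmInfo. The C program below is an added example, not code from the NPKI library or its documentation. It models the data those accessors return in a constructed `KeyGenServerInfo` structure (the field names, the `choose_keygen_server` and `dn_in_partition` functions, and the LDAP-style comma-separated DNs are all assumptions made for illustration) and shows the selection logic an application would apply before calling NPKICreateUserCertificate. A server that cannot satisfy the requested key size is rejected rather than silently given a smaller key.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the information an application gathers from
   NPKIServerNames, NPKIGetServerInfo and NPKIGetAlgorithmInfo.
   This is NOT an NPKI structure; the field names are assumptions. */
typedef struct {
    const char *dn;                 /* server DN (as listed by NPKIServerNames) */
    const char *partition_dn;       /* partition the server holds for the user */
    int holds_writable_replica;     /* nonzero if that replica is writeable */
    int is_ca_server;               /* nonzero if this server is also the CA server */
    int max_rsa_bits;               /* maximum RSA key size the server will generate */
} KeyGenServerInfo;

/* Returns 1 if object_dn lies inside partition_dn.
   DNs are assumed to be LDAP-style, leaf first, comma separated
   (e.g. "cn=jdoe,ou=eng,o=acme"); an empty partition DN means the tree root. */
int dn_in_partition(const char *object_dn, const char *partition_dn) {
    size_t olen = strlen(object_dn), plen = strlen(partition_dn);
    if (plen == 0) return 1;                 /* root partition contains everything */
    if (plen > olen) return 0;
    if (strcmp(object_dn + (olen - plen), partition_dn) != 0) return 0;
    /* require a full RDN boundary so "ou=eng" does not match "ou=xeng" */
    return olen == plen || object_dn[olen - plen - 1] == ',';
}

/* Picks the index of a usable key generation server for user_dn, or -1.
   A server qualifies only if it holds a writeable replica containing the
   user's object and supports at least requested_bits. When several qualify,
   the one that is also the CA server is preferred (fewer servers involved). */
int choose_keygen_server(const KeyGenServerInfo *servers, int count,
                         const char *user_dn, int requested_bits) {
    int best = -1;
    for (int i = 0; i < count; i++) {
        if (!servers[i].holds_writable_replica) continue;
        if (!dn_in_partition(user_dn, servers[i].partition_dn)) continue;
        if (servers[i].max_rsa_bits < requested_bits) continue;   /* never downgrade */
        if (best < 0 || (servers[i].is_ca_server && !servers[best].is_ca_server))
            best = i;
    }
    return best;
}

int main(void) {
    /* Constructed sample inventory; no real servers are involved. */
    const KeyGenServerInfo servers[] = {
        { "cn=srv1,o=acme", "ou=sales,o=acme", 1, 1, 4096 },
        { "cn=srv2,o=acme", "ou=eng,o=acme",   0, 0, 4096 },  /* read-only replica */
        { "cn=srv3,o=acme", "ou=eng,o=acme",   1, 0, 2048 },
        { "cn=srv4,o=acme", "",                1, 1, 1024 },  /* root, but small keys */
    };
    const int n = (int)(sizeof servers / sizeof servers[0]);
    const char *user = "cn=jdoe,ou=eng,o=acme";

    int idx = choose_keygen_server(servers, n, user, 2048);
    if (idx < 0)
        printf("no key generation server can create a 2048-bit key for %s\n", user);
    else
        printf("use %s (CA server: %s)\n", servers[idx].dn,
               servers[idx].is_ca_server ? "yes" : "no");
    return 0;
}
```

In a real application the array would be filled from the results of NPKIFindKeyGenServersForUser and the accessor calls listed above; the selection logic itself does not change.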

For a sample implementation of this task, see CreateUserCert.