Novell Documentation: Novell Certificate Server Libraries for C - Creating Server Certificates (Internal CA)

2.10 Creating Server Certificates (Internal CA)

The first step in creating a server certificate is to find and retrieve information from the server for which you wish to create a certificate. The second step is to find the CA and retrieve information from it. The third step is to determine the certificates attributes and extensions using the information from the previous two steps and user input.

Find the server for which you want to create a certificate by calling NPKIFindKeyGenServersForUser. Then call these accessor functions:
- NPKIServerNames—to retrieve the servers' DN
- NPKIGetServerInfo—to get the supported key generation algorithm and to determine whether the key generation server is the same server as the CA server
- NPKIGetAlgorithmInfo—to get the maximum supported key generation sizes
Find the CA by calling NPKIFindOrganizationalCA. Then call these accessor functions:
- NPKIGetHostServerDN—to get the name of the server that hosts the CA
- NPKIGetServerUTCTime—to get the current time on the server that hosts the CA
- NPKIGetServerInfo—to get the supported key signature algorithms and the maximum and minimum validity times
Determine the certificate attributes and extensions, then create the server certificate by calling NPKICreateServerCertificate. The server certificate must be stored once it is created (see Section 2.11, Storing Server Certificates (Internal CA)).

For a sample implementation of this task, see CreateServerCert.

IMPORTANT:During creation of server certificates, if the key-generation server is the same as the CA server, you should not store the certificates.