Public key cryptography presents developers with unique security challenges. Depending upon which API you implement, Novell Certificate Server helps you meet these challenges in the following ways (see Table 1 for a review of the capabilities of each library):
You can create an Organizational Certificate Authority (CA) within your eDirectory tree, allowing you to issue an unlimited number of user and server certificates. You can also use the services of an external certificate authority, or use a combination of both as your needs dictate.
You can create an Organizational CA, generate unlimited key pairs, and issue unlimited public key certificates through the Organizational CA at no charge.
Key pairs are stored in eDirectory and can therefore leverage eDirectory replication and access control features.
Private keys are encrypted by Novell International Cryptographic Infrastructure (NICI) and made available only to the software routines that use them for signing and decrypting operations.
Private keys are encrypted by NICI, stored in eDirectory, and backed up using standard eDirectory backup utilities.
A ConsoleOne snap-in allows the administrator to manage certificates issued from a Novell CA.
Users can use the Novell Certificate Console utility to export keys for use in cryptography-enabled applications without requiring intervention by the system administrator.
Novell Certificate Server allows you to create and manage industry standard user certificates for securing e-mail. Novell Certificate Server supports Microsoft Outlook98*, Outlook2000, Netscape* Messenger*, and other popular e-mail clients. It also supports both Netscape Navigator* and Microsoft Internet Explorer.
Novell Certificate Server enables you to import certificate revocation lists (CRLs) into the directory. This allows users and administrators to validate certificates through ConsoleOne. Certificate chains can also be validated: the validation process starts at the certificate being checked and verifies every certificate in the chain up to the trusted root.
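The chain validation described above, walking from the end-entity certificate up to a trusted root, as an added example that is not Novell's code: it uses Go's standard crypto/x509 library to build a constructed Organizational CA, a subordinate CA and an S/MIME user certificate, then accepts the chain only when it ends at the trusted root and rejects it when the issuing CA is missing. All names, keys and serial numbers are constructed for the demo; CRL checking is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mkCert issues a certificate for cn signed by parent; parent == nil means self-signed.
// Keys, names and serial numbers are constructed for the demo only.
func mkCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}, // S/MIME usage
	}
	if isCA { tmpl.KeyUsage |= x509.KeyUsageCertSign }
	if parent == nil { parent, parentKey = tmpl, key } // self-signed root: template is its own issuer
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// ChainValid starts at the leaf, follows issuer links through the intermediates and
// accepts the chain only if it terminates at a certificate in the trusted-root pool.
func ChainValid(leaf *x509.Certificate, inters, roots []*x509.Certificate) bool {
	rp, ip := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots { rp.AddCert(c) }
	for _, c := range inters { ip.AddCert(c) }
	opts := x509.VerifyOptions{Roots: rp, Intermediates: ip,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	_, err := leaf.Verify(opts)
	return err == nil
}

func main() {
	root, rk := mkCert("Org CA", true, nil, nil)
	sub, sk := mkCert("Sub CA", true, root, rk)
	leaf, _ := mkCert("alice@example.com", false, sub, sk)
	fmt.Println(ChainValid(leaf, []*x509.Certificate{sub}, []*x509.Certificate{root})) // true
	fmt.Println(ChainValid(leaf, nil, []*x509.Certificate{root}))                   // false: issuing CA missing
}
```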