1.3 Understanding Directory Objects and Attributes

To implement Certificate Server in your applications, you need to understand the following directory objects and attributes:

If you need more detailed information, see the Novell Certificate Server Administration Guide.

1.3.1 Certificate Authorities

Certificate Authority (CA) objects are required to generate new certificates. The functionality of a CA is hosted by a specific server and implemented by PKI server software.

The organizational CA is the organizational (or root) CA. Every eDirectory tree can have only one organizational CA object, and the organizational CA object must be created before subordinate CAs.

The organizational CA can be created and viewed in ConsoleOne. It is represented by a single eDirectory object, named Organizational CA.

1.3.2 Server Certificates

A server can have multiple certificates, and the server's Secure Authentication Services (SAS) object maintains the list of these certificates. Server-based applications can use these certificates to enable encryption, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Virtual Private Network (VPN) sessions.

Server certificates can be created and managed in ConsoleOne. Server certificates support applications on a given server that use keys and certificates; for example, Lightweight Directory Access Protocol (LDAP) and BorderManager®.

Server certificates can be exported to and imported from a PKCS#12 file. This can be done through ConsoleOne.

1.3.3 User Certificates

Each user can have any number of certificates, and each certificate can have different key sizes and be customized for different uses, such as key encryption and digital signature. Applications are able to select from among available keys or use a key with a given nickname.

Once Certificate Server is installed, ConsoleOne can manage Novell user certificates. User certificates have the following attributes:

  • They are stored in the userCert attribute of the User object.
  • Private keys are stored in the user's secret store.
  • Public keys are stored directly in the certificate.
  • Each certificate is referenced by a nickname.
  • They are managed by ConsoleOne, which supports Novell certificates and provides basic support for other certificates installed through LDAP.
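The section above says a user may hold several certificates customized for different uses (key encryption, digital signature) and that an application picks one by nickname or by intended use. The following Python is an added illustration, not code from Novell Certificate Server or ConsoleOne: it decodes the DER-encoded X.509 KeyUsage value (RFC 5280) of each certificate and selects a certificate either by nickname or by the use it must support. The `UserCert` class, the `select_cert` function and the sample KeyUsage encodings are constructed for this example; a real application would read the full certificate from the userCert attribute and extract the extension from it.

```python
"""Decode an X.509 KeyUsage value and pick a user certificate by nickname or use."""
from dataclasses import dataclass

# RFC 5280 KeyUsage bit positions; bit 0 is the most significant bit of the first byte.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
)


def decode_key_usage(der: bytes) -> set:
    """Parse a DER BIT STRING (tag 0x03) holding KeyUsage; return the set of named uses."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:  # KeyUsage always fits the short length form
        raise ValueError("bad BIT STRING length")
    unused = der[2]  # number of padding bits in the final content byte
    if unused > 7:
        raise ValueError("unused-bit count must be 0..7")
    body = der[3:]
    total_bits = len(body) * 8 - unused
    uses = set()
    for bit in range(min(total_bits, len(KEY_USAGE_BITS))):
        if body[bit // 8] & (0x80 >> (bit % 8)):
            uses.add(KEY_USAGE_BITS[bit])
    return uses


@dataclass
class UserCert:  # hypothetical stand-in for one entry of a User object's certificate list
    nickname: str
    key_usage_der: bytes


def select_cert(certs, nickname=None, use=None):
    """Return the certificate with the given nickname, or else the first whose KeyUsage includes `use`."""
    for cert in certs:
        if nickname is not None and cert.nickname == nickname:
            return cert
        if nickname is None and use in decode_key_usage(cert.key_usage_der):
            return cert
    return None


# Constructed sample: three certificates on one User object, reduced to their KeyUsage encodings.
SAMPLE_CERTS = [
    UserCert("signing", bytes.fromhex("03020780")),     # digitalSignature only
    UserCert("encryption", bytes.fromhex("03020520")),  # keyEncipherment only
    UserCert("tls-client", bytes.fromhex("030205a0")),  # digitalSignature + keyEncipherment
]

if __name__ == "__main__":
    print(select_cert(SAMPLE_CERTS, use="keyEncipherment").nickname)  # prints "encryption"
```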