Configuring SSL on NDS Platforms

The Identity Manager Driver for Legacy NDS® supports the Secure Sockets Layer (SSL) protocol, so the driver's XML-RPC connection can run over SSL.


Figure: The XML-RPC protocol in the Legacy NDS driver configuration

If you want an SSL connection, configure SSL on both the NDS and eDirectory™ platforms.

NOTE: Ensure that you use the same eDirectory tree CA to configure SSL on both the NDS and eDirectory platforms.

  1. On a machine that has OpenSSL, generate the private key and the Certificate Signing Request (CSR) by executing the following command:

    openssl req -new -keyout key.pem -out csrtreq.pem -days 365

  2. Follow the prompts to generate the key.pem file and the csrtreq.pem file.

    The PEM passphrase is the password that protects the private key. It is used while configuring the NDS agent in Step 4.

    The key.pem file contains the private key. The csrtreq.pem file contains the CSR.

  3. Transfer the csrtreq.pem file to the system that has eDirectory installed.

  4. Have the CSR signed by eDirectory:

    1. In iManager, log in to eDirectory as an administrator with the appropriate rights.

    2. From the Roles and Tasks menu, click Novell Certificate Server > Issue Certificate.

    3. Specify the path to the csrtreq.pem file, or browse to select it, then click Next.

    4. Select SSL or TLS as the key type, then click Next.

    5. Verify the certificate parameters, then click Next.

    6. Select File in Base64 format as the file format to which the certificate is to be saved.

    7. Click Next to view the parameters of the issued certificate.

    8. Click Download the Issued Certificate as Pubkey.pem, then specify the path to which the certificate is to be saved.

    9. Click Close.

    The file that you saved is the public key certificate file.

  5. Export the self-signed certificate of the eDirectory CA as rootcert.pem.

    1. To open the Modify Object page, from the Roles and Tasks menu, click eDirectory Administration > Modify Object.

    2. Use the Object selector icon to browse to the Organizational CA, then click OK.

      The Organizational CA is present under the Security container at the top level of the tree.

    3. Select the Certificates tab and then select Self Signed Certificate.

    4. Click Export.

    5. When you are prompted to export the private key along with the certificate, select No, then click Next.

    6. Select File in Base64 format as the file format to which the certificate is to be saved, then click Next.

    7. Save the issued certificate as rootcert.pem by clicking Save the Exported Certificate to a File.

      This is the root certificate file.

  6. Transfer the private key file (key.pem), public key certificate file (pubkey.pem), and the root certificate file (rootcert.pem) to the NDS machine.

    The private key and public key are in PEM format.
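
Before the files are copied to the NDS machine, they can be checked for the two mistakes this procedure makes possible: a certificate issued by a different tree CA than the exported root, and a private key that does not belong to the issued certificate. The shell function below is an added example, not part of the original documentation; the function name check_bundle and the KEY_PASS environment variable (holding the PEM passphrase) are assumptions of this example, and it requires the openssl command.

```shell
#!/bin/sh
# Added example: sanity-check key.pem, pubkey.pem and rootcert.pem.
# File names follow the steps above; check_bundle and KEY_PASS are
# names chosen for this example, not part of the product.

# check_bundle KEY CERT ROOT
# Returns 0 only if CERT chains to ROOT and KEY is the private half of CERT.
#   1 = CERT was not issued by the CA in ROOT
#   2 = KEY could not be read (for example, wrong passphrase in KEY_PASS)
#   3 = KEY and CERT carry different public keys
check_bundle() {
    key=$1 cert=$2 root=$3

    # The issued certificate must verify against the tree CA's
    # self-signed certificate exported in step 5.
    if ! openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert was not issued by the CA in $root" >&2
        return 1
    fi

    # Extract the public key from the certificate and from the private
    # key. Both commands print the same PEM "PUBLIC KEY" structure, so
    # the two outputs can be compared as text.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null)

    if [ -z "$key_pub" ]; then
        echo "FAIL: cannot read $key (check the passphrase in KEY_PASS)" >&2
        return 2
    fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $cert" >&2
        return 3
    fi
    echo "OK: $cert chains to $root and matches $key"
}
```

Call it as `check_bundle key.pem pubkey.pem rootcert.pem` with KEY_PASS exported in the environment; a non-zero return code identifies which check failed.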