Configuring Secure Data Transfers for the DirXML Driver for eDirectory

Complete this section only if you are provisioning an eDirectory account tree. The DirXML driver for eDirectory requires Novell Certificate Server^TM and a Certificate Authority (CA) to ensure data security. All transactions between trees must be secured through SSL technology.

If the Workforce Tree is running eDirectory 8.7, use the NDS2NDS Driver Certificate wizard to set up KMOs as explained in the following sections. If the Workforce Tree is running an earlier version of eDirectory 8.7, set up certificates as explained in Configuring Secure Data Transfers using ConsoleOne .

Install NICI

This procedure installs NICI 2.4.1, which is required for the Certificate Wizard.

1. At the Web server, insert the Web Applications CD.

2. Run INSTALLS\WIN\NICI\WCNICIU0.EXE.

3. At the Welcome page, click Next.

4. At the License Agreement page, click Yes to accept the license terms.

5. At the Setup Complete page, mark Yes I Want to Restart My Computer Now, then click Finish.

6. Continue with the next section.

Run the Certificate Wizard

1. Launch iManager and authenticate to your Workforce Tree.

2. Click DirXML Management > NDS2NDS Driver Certificate.

3. At the Welcome page, enter the requested information for the first tree (in this case, the Workforce Tree).

   Default values are provided using objects in the tree that you authenticated to when you launched iManager. You must enter or confirm the following information:

   • Driver DN: Use the distinguished name of the eDirectory driver, such as
     EP-EDir-Workforce.Nsure Resources.Services.YourOrganization
   • The tree name: Enter the IP address for the Workforce Tree.
   • A username for an account with Admin privileges, such as Admin.
   • The password for the user.
   • The user's context, such as Services.YourOrganization

4. Click Next.

   The wizard uses the information you entered to authenticate to the first tree, verify the driver DN, and verify that the driver is associated with a server.

5. Enter the requested information for the second tree (in this case, the Account Tree).

   Enter or confirm the following information:

   • Driver DN: Use the distinguished name of the eDirectory driver, such as EP-EDir-Account.DriverSet.YourOrganization
   • The tree name: Enter the IP address for the Account Tree.
   • A username for an account with Admin privileges, such as Admin.
   • The password for the user.
   • The user's context, such as London.YourOrganization

6. Click Next.

   The wizard uses the information you entered to authenticate to the second tree, verify the driver DN, and verify that the driver is associated with a server.

7. Review the information on the Summary Page, then click Finish.

   If KMOs already existed for these trees, the wizard deletes them and then does the following:

   • Exports the trusted root of the CA in tree one.
   • Creates KMO objects
   • Issues a certificate signing request
   • Places certificate key pair names in the drivers' Authentication ID

8. Complete preparation of other participating systems and then proceed to Testing the Novell Nsure Resources Process .