
Using Third-Party Certificates

Novell iChain includes Novell Public Key Infrastructure Services (PKIS 2.0) to provide cryptography and enable certificate services in your iChain infrastructure. A Novell server certificate is installed and configured automatically when you install Novell iChain; however, you may want to use other third-party certificates, such as Baltimore certificates, in your infrastructure. To use third-party certificates in your iChain infrastructure, you must request a certificate from a Certificate Authority (CA), have the CA sign the certificate, collect and export the certificate and its trusted root, and then import the certificate and its trusted root to the iChain Proxy Server. The following procedure describes the process for a Baltimore certificate.

To create a Certificate Signing Request (CSR) for a server certificate for the iChain Proxy Server:

  1. From ConsoleOne, access the tree containing the iChain Proxy Server.

  2. From within the server's OU, click New Object > NDSPKI:KeyMaterial.

  3. Specify a name for the certificate, such as proxy server certificate.

  4. Select Custom > click Next.

  5. Select External Certificate Authority.

  6. Select the key size > click Next.

  7. Click Next to accept the default subject name of the certificate.

  8. Click Finish.

  9. Click Save to save the CSR.

To sign the CSR, perform the following steps:

  1. Copy the CSR onto a diskette.

  2. Insert the diskette with the CSR into the drive of the Baltimore Certificate Authority.

  3. From the Registration Authority Operator (RAO) menu of the Baltimore CA, click Face to Face Requests > Register a New User.

  4. Select the Baltimore policy you have previously created for the proxy server certificate.

  5. Locate the CSR file on the diskette > select the file > click Open.

  6. Click Accept to process the CSR.

To collect the response to the CSR and export the trusted root, perform the following steps:

  1. Click Collect Reply from Last Request.

  2. Click File.

  3. Click DER Encoded Certificate.

  4. Save the response file to the diskette as a .DER file.

  5. Click OK to acknowledge.

  6. Click OK on the yellow back arrow.

  7. From the Certificate Authority Operator (CAO) menu, click Open/Create PKI.

  8. Right-click the CA object > click Export Certificate.

  9. Click DER Encoded Certificate.

  10. Save the Trusted Root file to the diskette as a .DER file.

  11. Select PKI > Done.

To import the new Trusted Root into the server certificate, perform the following steps:

  1. From ConsoleOne, right-click on the server certificate object you created when you made the certificate request and click Properties.

  2. Click Certificates > Trusted Root > Import > Read From File.

  3. Select the Trusted Root file on the diskette > click Open > Next.

  4. Click Read From File.

  5. Select the certificate response file from the diskette > click Open.

  6. Click Finish.
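
Before the import, the files collected on the diskette can be checked from any workstation with OpenSSL. The script below is an added example, not part of the Novell documentation: it confirms that the DER response carries the public key from your CSR and that it verifies against the exported trusted root. It assumes the CSR was saved in base64 (PEM) form and that the CA signs directly with the exported root; the function name and file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import check of the CSR, the certificate response and
# the trusted root. Assumptions: OpenSSL is installed; the CSR is PEM
# (add -inform DER to the "openssl req" call if it was saved as binary);
# the response and trusted root are the .DER files saved in the steps above.

# check_cert_files CSR RESPONSE_DER ROOT_DER
# Returns 0 only if both checks pass, 1 on a mismatch, 2 on unreadable input.
check_cert_files() {
    ccf_csr=$1; ccf_resp=$2; ccf_root=$3; ccf_rc=0
    ccf_tmp=$(mktemp -d) || return 2

    # "openssl verify" expects PEM, so convert both DER files first.
    openssl x509 -inform DER -in "$ccf_resp" -out "$ccf_tmp/resp.pem" 2>/dev/null &&
    openssl x509 -inform DER -in "$ccf_root" -out "$ccf_tmp/root.pem" 2>/dev/null || {
        echo "FAIL: response or trusted root is not a DER certificate" >&2
        rm -rf "$ccf_tmp"; return 2
    }

    # 1. The response must carry the public key from the CSR you generated;
    #    otherwise it answers a different request and cannot pair with the
    #    private key held in the KeyMaterial object.
    ccf_k1=$(openssl req -in "$ccf_csr" -noout -pubkey 2>/dev/null)
    ccf_k2=$(openssl x509 -in "$ccf_tmp/resp.pem" -noout -pubkey)
    if [ -z "$ccf_k1" ] || [ "$ccf_k1" != "$ccf_k2" ]; then
        echo "FAIL: response public key does not match the CSR" >&2; ccf_rc=1
    fi

    # 2. The response must verify against the exported trusted root.
    if ! openssl verify -CAfile "$ccf_tmp/root.pem" "$ccf_tmp/resp.pem" >/dev/null 2>&1; then
        echo "FAIL: response does not chain to the trusted root" >&2; ccf_rc=1
    fi

    # 3. On success, print fingerprints to compare with the CA operator's copy.
    if [ "$ccf_rc" -eq 0 ]; then
        openssl x509 -in "$ccf_tmp/root.pem" -noout -subject -fingerprint -sha256
        openssl x509 -in "$ccf_tmp/resp.pem" -noout -subject -enddate -fingerprint -sha256
    fi
    rm -rf "$ccf_tmp"
    return "$ccf_rc"
}

# Stand-alone use: sh check.sh proxy.csr response.der root.der
if [ "$#" -eq 3 ]; then check_cert_files "$@"; fi
```

A non-zero exit means the files should not be imported until the mismatch is explained, for example a response collected for a different request or a trusted root exported from the wrong CA object.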


