3.2 Providing for Secure Data Transfers

If you plan to use the Secure Sockets Layer (SSL) to provide secure data transfers, complete the following tasks:

  1. Create a server certificate.

    If you are unfamiliar with certificates, create a new one.

    However, if an SSL server certificate already exists and you have experience with SSL certificates, you can use the existing certificate instead of creating and using a new one.

    When a server joins a tree, eDirectory creates the following default certificates:

    • SSL CertificateIP

    • SSL CertificateDNS

  2. Export a self-signed certificate.

3.2.1 Creating a Server Certificate

  1. In Novell iManager, click Novell Certificate Server > Create Server Certificate.

  2. Select the server that will own the certificate, and give the certificate a nickname (for example, remotecert).

    IMPORTANT: We recommend that you don’t use spaces in the certificate nickname. For example, use remotecert instead of remote cert.

    Also, make a note of the certificate nickname. You will use this nickname for the KMO name in the driver’s remote connection parameters.

  3. Leave the Creation method set to Standard, then click Next.

  4. Review the Summary, click Finish, then click Close.

    You have created a server certificate. Continue with Section 3.2.2, Exporting a Self-Signed Certificate.

3.2.2 Exporting a Self-Signed Certificate

  1. In iManager, click eDirectory Administration > Modify Object.

  2. Browse to and select the Certificate Authority in the Security container, then click OK.

    The Certificate Authority (CA) is named after the tree name (Treename-CA.Security).

  3. Click the Certificates tab, click Self-Signed Certificate, then click Export.

  4. In the Export Certificate Wizard, select No, then click Next.

    You don’t want to export the private key with the certificate.

  5. Select File in Base64 format (for example, akranes-tree CA.b64), then click Next.

  6. Click the link to Save the exported certificate to a file, specify a filename, specify a location, then click Save.

    Rootfile names require .pem as an extension.

  7. In the Save As dialog box, copy this file to a local directory.

  8. Click Close.
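
The following check for the exported file is an added example, not part of the original documentation or of any Novell tool. It confirms that the file carries a certificate and no private key (Step 4), that the body is valid Base64 (Step 5), and that the name ends in .pem (Step 6). It assumes the Base64 export uses PEM-style BEGIN/END lines; the function names, file names, and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and Base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def check_exported_root(filename, text):
    """Return (problems, sha256_fingerprints) for an exported certificate file."""
    problems, fingerprints = [], []
    if not filename.lower().endswith(".pem"):
        problems.append("file name does not end in .pem")
    blocks = PEM_BLOCK.findall(text)
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        problems.append("no CERTIFICATE block found")
    for label, body in blocks:
        if "PRIVATE KEY" in label:
            # Step 4 answers No to exporting the private key, so none belongs here.
            problems.append("contains a %s block" % label)
        elif label == "CERTIFICATE":
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append("certificate body is not valid Base64")
                continue
            if not der.startswith(b"\x30"):  # DER certificates start with a SEQUENCE tag
                problems.append("decoded data is not a DER SEQUENCE")
                continue
            fingerprints.append(hashlib.sha256(der).hexdigest())
    return problems, fingerprints

# Constructed placeholder bytes (a tiny DER SEQUENCE), not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"

def make_pem(label, der):
    """Wrap bytes in PEM armor; used only to build the constructed samples."""
    body = base64.b64encode(der).decode("ascii")
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

if __name__ == "__main__":
    good = make_pem("CERTIFICATE", SAMPLE_DER)
    leaky = good + make_pem("PRIVATE KEY", SAMPLE_DER)
    print(check_exported_root("treename-ca.pem", good))   # no problems expected
    print(check_exported_root("treename-ca.b64", leaky))  # two problems expected
```

The SHA-256 fingerprint it returns can be compared with the value shown for the self-signed certificate on the server before the file is trusted on another machine.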