3.2 Providing for Secure Data Transfers
If you plan to use the Secure Socket Layer (SSL) so that you can provide secure data transfers, complete the following tasks:
-
Create a server certificate.
If you are unfamiliar with certificates, create a new one.
However, if an SSL server certificate already exists and you have experience with SSL certificates, you can use the existing certificate instead of creating and using a new one.
When a server joins a tree, eDirectory creates the following default certificates:
-
SSL CertificateIP
-
SSL CertificateDNS
-
-
Export a self-signed certificate.
3.2.1 Creating a Server Certificate
-
In Novell iManager, click .
-
Select the server that will own the certificate, and give the certificate a nickname (for example, remotecert).
IMPORTANT:We recommend that you don’t use spaces in the certificate nickname. For example, use remotecert instead of remote cert.
Also, make a note of the certificate nickname. You will use this nickname for the KMO name in the driver’s remote connection parameters.
-
Leave the Creation method set to , then click .
-
Review the Summary, click , then click .
You have created a server certificate. Continue with Section 3.2.2, Exporting a Self-Signed Certificate.
3.2.2 Exporting a Self-Signed Certificate
-
In iManager, click .
-
Browse to and select the Certificate Authority in the Security container, then click .
The Certificate Authority (CA) is named after the tree name (Treename-CA.Security).
-
Click the tab, click , then click .
-
In the Export Certificate Wizard, select , then click .
You don’t want to export the private key with the certificate.
-
Select (for example, akranes-tree CA.b64), then click .
-
Click the link to , specify a filename, specify a location, then click .
Rootfile names require .pem as an extension.
-
In the Save As dialog box, copy this file to a local directory.
-
Click .