3.2 Providing for Secure Data Transfers

If you plan to use the Remote Loader, the first step is to provide secure data transfer between the Remote Loader and the Metadirectory engine. This requires that the connection between the Remote Loader and the Metadirectory engine be set up using the Secure Socket Layer (SSL).

To accomplish this, complete the following tasks:

If you are unfamiliar with certificates, it is easy to create a new one.

However, if an SSL server certificate already exists and you have experience with SSL certificates, you can use the existing certificate instead of creating and using a new one.

When a server joins a tree, eDirectory creates the following default certificates:

3.2.1 Creating a Server Certificate

  1. In Novell iManager, click Novell Certificate Server > Create Server Certificate.

    (Figure: The server and certificate nickname edit boxes)

  2. Select the server to own the certificate, and give the certificate a nickname (for example, remotecert).

    IMPORTANT: We recommend that you don’t use spaces in the certificate nickname. For example, use remotecert instead of remote cert.

    Also, make a note of the certificate nickname. You will use this nickname for the KMO name in the driver’s remote connection parameters.

  3. Leave the Creation method set to Standard, then click Next.

  4. Review the Summary, click Finish, then click Close.

    You have created a server certificate. Continue with Section 3.2.2, Exporting a Self-Signed Certificate.

3.2.2 Exporting a Self-Signed Certificate

  1. In iManager, click eDirectory Administration > Modify Object.

  2. Browse to and select the Certificate Authority in the Security container, then click OK.

    (Figure: Certificate authority)

    The Certificate Authority (CA) is named after the tree name (Treename-CA.Security).

  3. Click the Certificates tab, click Self-Signed Certificate, then click Export.

    (Figure: The Certificates tab)

  4. In the Export Certificate Wizard, select No, then click Next.

    Selecting No ensures that the private key is not exported with the certificate.

  5. Select File in Base64 format (for example, IDMDESIGNTREE CA.b64), then click Next.

    (Figure: Radio button to specify the output format)

    IMPORTANT: When the Remote Loader is running on a Windows 2003 R2 SP1 32-bit server, the certificate must be in Base64 format. If you use the DER format, the Remote Loader fails to connect to the Identity Manager engine.

  6. Click the link to save the exported certificate to a file, specify a filename and a location, then click Save.

  7. In the Save As dialog box, copy this file to a local directory.

  8. Click Close.
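The two requirements of steps 4 and 5 (no private key in the export, Base64 rather than DER) can be checked on the exported file before it is copied to the Remote Loader host. The following Python script is an added example, not part of this documentation or of the Novell tools: using only the standard library, it tells DER from Base64 exports, rejects files with no well-formed certificate, flags a private-key block that should not have been exported, and rewrites a DER export as Base64. The certificate bytes it uses are constructed stand-ins, not real certificates.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def der_length_ok(der):
    # The outer SEQUENCE (tag 0x30) length field must match the bytes present;
    # a mismatch means a truncated file or something that is not DER at all.
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def der_to_pem(der):
    # Wrap DER as a Base64 CERTIFICATE block, 64 characters per line.
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n".encode()


def check_export(data):
    # Returns {"format", "has_private_key", "base64"}; raises on unusable input.
    if b"-----BEGIN " not in data:
        if not der_length_ok(data):
            raise ValueError("neither a PEM block nor a well-formed DER object")
        return {"format": "der", "has_private_key": False, "base64": der_to_pem(data)}
    blocks = [(label, base64.b64decode(re.sub(r"\s+", "", body), validate=True))
              for label, body in PEM_RE.findall(data.decode("ascii", "replace"))]
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    if not certs or not all(der_length_ok(c) for c in certs):
        raise ValueError("no well-formed CERTIFICATE block in export")
    has_key = any("PRIVATE KEY" in label for label, _ in blocks)
    return {"format": "pem", "has_private_key": has_key, "base64": der_to_pem(certs[0])}


# Constructed stand-ins, not real certificates: a minimal DER SEQUENCE holding
# INTEGER 1, the same object in Base64, and an export that wrongly carries a key.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = der_to_pem(SAMPLE_DER)
SAMPLE_PEM_WITH_KEY = SAMPLE_PEM + b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, blob in (("DER", SAMPLE_DER), ("PEM", SAMPLE_PEM), ("PEM+key", SAMPLE_PEM_WITH_KEY)):
        r = check_export(blob)
        print(f"{name}: format={r['format']} private_key_present={r['has_private_key']}")
```

Run it against the file saved in step 6; an export reported with `private_key_present=True` should be discarded and re-exported with No selected in step 4.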