When you install NetWare or OES 11 and later in an eDirectory environment, the Server Certificate service can create certificates for eDirectory services to use. In addition, custom certificates can be created after the install by using iManager or command line commands.
For NetWare, all applications are integrated with eDirectory. This allows applications to automatically use the server certificates created by Novell Certificate Server directly from eDirectory. In a NetWare cluster, you might have copied the Server Certificate objects to all nodes in the cluster using backup and restore functions as described in
Server Certificate Objects and Clustering in the Novell Certificate Server 3.3.2 Administration Guide.
For OES 11, many applications (such as Apache and Tomcat) are not integrated with eDirectory and therefore, cannot automatically use the certificates created by Novell Certificate Server directly from eDirectory. By default, these services use self-signed certificates, which are not in compliance with the X.509 requirements as specified in RFC 2459 and RFC 3280.
To address the difference, Novell Certificate Server offers an install option for OES 11 and later calledthat automatically exports the default eDirectory certificate and its key pair to the local file system in the following files: