9.0 eDirectory Server Certificates

Novell Certificate Server provides two categories of services: Certificate Authority (CA) and Server Certificates. The Certificate Authority services include the Enterprise CA and the Certificate Revocation List (CRL). Only one server can host the CA, and normally that same server hosts the CRLs if they are enabled (although if you move the CA to a different server, the CRLs usually stay on the old server). The CA and CRL services are not cluster-enabled in either NetWare or OES 2 Linux, so there are no cluster-specific tasks for them.

Novell Certificate Server provides a Server Certificates service for NetWare and Linux. The service is not clustered. However, clustered applications that use the server certificates must be able to use the same server certificates on whichever cluster node they happen to be running. Use the instructions in the following sections to set up Server Certificate objects in a clustered environment so that cryptography-enabled applications that rely on those objects always have access to them.

The eDirectory Server Certificate objects are created differently in OES 2 Linux and cannot be directly reused from the NetWare server. The differences and alternatives for setting up certificates on Linux are described in the following sections: