7.0 eDirectory Server Certificates

NetIQ Certificate Server provides two categories of services: Certificate Authority (CA) and eDirectory Server Certificates.

  • The Certificate Authority services include the Enterprise CA and CRL (Certificate Revocation List). Only one server can host the CA, and normally that same server hosts the CRLs if they are enabled (although if you move the CA to a different server, the CRLs usually stay on the old server). The CA and CRL services are not cluster-enabled. There are no cluster-specific tasks for them.

  • The eDirectory Server Certificates service is not clustered. However, clustered applications that use the server certificates must be able to use the same server certificates on whichever cluster node they happen to be running. You must set up Server Certificate objects in a clustered environment to ensure that your cryptography-enabled applications that use Server Certificate objects always have access to them.

The Server Certificates objects are created differently on Linux, and cannot be directly reused from the NetWare server. The differences and alternatives for setting up certificates for OES servers are described in the following sections: