7.3 Generating a Certificate by Using NetIQ iManager

  1. Ensure that eDirectory is configured as the CA.

  2. Issue the certificate for the Primary Server:

    1. Launch iManager.

    2. Log in to the eDirectory tree as an administrator with the appropriate rights.

      For more information about the appropriate rights, see the Entry Rights Needed to Perform Tasks section in the NetIQ Certificate Server 3.3 documentation.

    3. From the Roles and Tasks menu, click Novell Certificate Server > Issue Certificate.

    4. Click Browse to browse for and select the CSR file, zcm.csr, then click Next.

    5. Accept the default values for the key type, the key usage, and the extended key usage, then click Next.

    6. Accept the default certificate basic constraints, then click Next.

    7. Specify the validity period and the effective and expiration dates, then click Next. Depending on your needs, change the default validity period (10 years).

    8. Review the parameters sheet. If it is correct, click Finish. If it is incorrect, click Back until you reach the point where you need to make changes.

      When you click Finish, a dialog box is displayed and indicates that a certificate has been created. This exports the certificate into the binary DER-format.

    9. Download and save the issued certificate

  3. Export the Organizational CA's self-signed certificate:

    1. Log in to eDirectory from iManager.

    2. From the Roles and Tasks menu, click Novell Certificate Server > Configure Certificate Authority.

      This displays the property pages for the Organizational CA, which include a General page, a CRL Configuration page, a Certificates page, and other eDirectory-related pages.

    3. Click Certificates, then select Self Signed Certificate.

    4. Click Export.

      This starts the Certificate Export wizard.

    5. Deselect the Export the Private Key option, and choose the export format as DER.

    6. Click Next, then save the exported certificate.

    7. Click Close.

You should now have the three files that you need to install ZENworks using an external CA.