Certificate Authority

From MicroFocusInternationalWiki
Jump to: navigation, search

Draft CA Wiki

Starting point for Certificate Authority wiki -- for those who need to move their CA

Anders says, "Make sure that you create the new one in a format that you can backup."

Richard suggests the following for health checks:

"To examine the CA and W0 objects in the Security container and make sure they're correct, check the following things (from memory, incomplete list):

  • Security's NDSPKI:Tree CA DN=correct
  • W0's NDSPKI:SD Key ServerDN=correct
  • CA's Host Server=correct
  • Validate Org Certificate Authority's certs"

Related Utilities

  • pkidiag
  • sdidiag
  • tckeygen
  • ConsoleOne


A couple of TIDs to remember:

TID 3392944: Cross Platform PKIDIAG - recreating server certificates

TID Article

TID 10100262: "How to renew a server certificate for VPN server"

TID article

TID 3618399: "How do I move the Organizational CA to another server?"

TID article

TID 3623407: "Certificate Server Issues-Removing a Server from a Tree"

TID article

TID 10090166: "VeriSign Intermediate CA Replacement Instructions for NetWare 6 and NetWare 6.5"

TID article

TID 10074694: "NICI 1418 Errors"

TID article

The ConsoleOne documentation --

Manual article

For NW5.1 and NW6.0 --

TID 10050254: 'Reinstalling Certificate Server"

TID article

TID 10060118: "How do I move the Organizational CA to another server? "

TID article

TID 10065940: "Moving the Certificate Authority"

TID article

For NW6.0 --

TID 10071751: "Backing up and Moving the Tree Certificate Authority"

TID article
This TID was verified to work on eDir 8.8.2 with a Netware \ Linux Mixed Tree as well (Not by Novell)

This Wiki artcle can help with the tranistion to Linux, if you need it:

Recreating Server Certificates on OES Linux

Other Key Words to Study

  • Key Material Object

Room for Corrections

Looking forward to the sysops' notes on this page.