Understanding The Novell Certificate Server; Rights Required To Perform Tasks On Novell Certificate Server - Novell EDIRECTORY 8.8 SP2 - ADMINISTRATION Manual


2.7 Understanding the Novell Certificate Server

Novell Certificate Server™ allows you to mint, issue, and manage digital certificates by creating a Security container object and an Organizational Certificate Authority (CA) object. The Organizational CA object enables secure data transmissions and is required for Web-related products such as NetWare Web Manager and NetWare Enterprise Web Server. The first eDirectory SP2 server will automatically create and physically store the Security container object and Organizational CA object for the entire eDirectory tree. Both objects are created and must remain at the top of the eDirectory tree.

Only one Organizational CA object can exist in an eDirectory SP2 tree. After the Organizational CA object is created on a server, it cannot be moved to another server. Deleting and re-creating an Organizational CA object invalidates any certificates associated with the Organizational CA.

IMPORTANT: Make sure that the first eDirectory server is the server that you intend to permanently host the Organizational CA object and that the server will be a reliable, accessible, and continuing part of your network.

If this is not the first eDirectory server on the network, the installation program finds and references the eDirectory SP2 server that holds the Organizational CA object. The installation program accesses the Security container and creates a Server Certificate object.

If an Organizational CA object is not available on the network, Web-related products will not function.

2.7.1 Rights Required to Perform Tasks on Novell Certificate Server

To complete the tasks associated with setting up Novell Certificate Server, the administrator needs to have rights as described in the following table.

Novell eDirectory 8.8 Administration Guide

Use auxiliary classes to customize your schema.
If a customer or application requires a User object that is different from the standard inetOrgPerson, use auxiliary classes to customize your schema. Using auxiliary classes allows application designers to change the attributes used in the class without needing to re-create the tree.

Increase LDIF-import performance.
When the Novell Import Conversion Export utility is used, eDirectory SP2 indexes each object during the process. This can slow down the LDIF-import process. To increase the LDIF-import performance, suspend all indexes from the attributes of the objects you are creating, use the Novell Import Conversion Export utility, then resume indexing the attributes.

Implement globally unique common names (CN).
eDirectory allows the same CN in different containers. However, if you use globally unique CNs, you can perform searches on CN without implementing logic for dealing with multiple replies.
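An added example, not taken from the Novell manual: a Python check for the globally unique CN recommendation above, run over an LDIF export before import. The sample entries, the o=example tree and the function names are constructed for illustration, and CN values are assumed to be compared case-insensitively.

```python
import base64
from collections import defaultdict
# Constructed sample export (not from the manual): two entries share a CN.
SAMPLE_LDIF = """\
dn: cn=jsmith,ou=sales,o=example
cn: jsmith

dn: cn=JSmith,ou=eng,o=example
cn:: SlNtaXRo

dn: cn=adoe,ou=eng,o=example
cn: adoe
cn: Alice D
 oe
"""

def parse_ldif(text):
    """Return one {attr: [values]} dict per entry; handles folding and base64."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += raw[1:]            # RFC 2849 folded line
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:               # trailing "" flushes last entry
        if line.startswith("#"):
            continue
        if not line.strip():                   # blank line ends an entry
            if "dn" in current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: ..." is base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def duplicate_cns(entries):
    """Map each CN (compared case-insensitively) held by >1 entry to its DNs."""
    holders = defaultdict(set)
    for entry in entries:
        for cn in entry.get("cn", []):
            holders[cn.casefold()].add(entry["dn"][0])
    return {cn: sorted(dns) for cn, dns in holders.items() if len(dns) > 1}

if __name__ == "__main__":
    print(duplicate_cns(parse_ldif(SAMPLE_LDIF)))
```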
