Understanding The Novell Certificate Server; Rights Required To Perform Tasks On Novell Certificate Server - Novell EDIRECTORY 8.8 SP5 - ADMINISTRATION Administration Manual

When the Novell Import Conversion Export utility is used, eDirectory indexes each object
during the process. This can slow down the LDIF-import process. To increase the LDIF-import
performance, suspend all indexes from the attributes of the objects you are creating, use the
Novell Import Conversion Export utility, then resume indexing the attributes.
Implement globally unique common names (CN).
eDirectory allows the same CN in different containers. However, if you use globally unique
CNs, you can perform searches on CN without implementing logic for dealing with multiple
replies.

2.7 Understanding the Novell Certificate Server

Novell Certificate Server
Security container object and an Organizational Certificate Authority (CA) object. The
Organizational CA object enables secure data transmissions and is required for Web-related
products such as NetWare Web Manager and NetWare Enterprise Web Server. The first eDirectory
SP4 server will automatically create and physically store the Security container object and
Organizational CA object for the entire eDirectory tree. Both objects are created and must remain at
the top of the eDirectory tree.
Only one Organizational CA object can exist in an eDirectory tree. After the Organizational CA
object is created on a server, it cannot be moved to another server. Deleting and re-creating an
Organizational CA object invalidates any certificates associated with the Organizational CA.
IMPORTANT: Make sure that the first eDirectory server is the server that you intend to
permanently host the Organizational CA object and that the server will be a reliable, accessible, and
continuing part of your network.
If this is not the first eDirectory server on the network, the installation program finds and references
the eDirectory server that holds the Organizational CA object. The installation program accesses the
Security container and creates a Server Certificate object.
If an Organizational CA object is not available on the network, Web-related products will not
function.
2.7.1 Rights Required to Perform Tasks on Novell Certificate
Server
To complete the tasks associated with setting up Novell Certificate Server, the administrator needs to
have rights as described in the following table.
Novell Certificate Server Task
Base security setup for installing the first server into
a new tree or upgrading the first server in a tree
where there is no base security previously installed
Base security setup for installing subsequent servers Supervisor right on the server's container
Creating the Organizational CA
86 Novell eDirectory 8.8 Administration Guide
allows you to mint, issue, and manage digital certificates by creating a
TM
Rights Required
Supervisor right at the root of the tree
Supervisor right on the Security container
Supervisor right on the W0 object (located
inside the Security container)
Supervisor right on the Security container