22.1.2 OES 2 Certificate Management
OES 2 enhances certificate management as follows:
"Installation of eDirectory Certificates" on page 228
"What Is Installed Where" on page 228
"Novell Certificate Server" on page 229
"Server Self-Provisioning" on page 229
"PKI Health Check" on page 229
Installation of eDirectory Certificates
As you install eDirectory and OES 2, by default all HTTPS services are configured to use
eDirectory certificates. This means that eDirectory is established as the Certificate Authority for the
tree you are installing into, and it will generate keys and certificates for the server and replace the
installed SLES certificates with the eDirectory certificates.
What Is Installed Where
Key and certificate files are installed in the following locations:
Table 22-1 File Locations

Location: /etc/ssl/certs
Details:
This is the default location of trusted root certificates for clients on the server.
Most of the applications on the server are configured to use this directory. For example, the LDAP client uses one or more of the trusted certificates in this directory when establishing a secure LDAP connection.
The OES 2 installation copies the eDirectory tree CA's certificate (eDirCACert.pem) here, thereby establishing the CA as a trusted root.
Everyone (other) has rights to read the contents of this directory.

Location: /etc/ssl/servercerts
Details:
The standard location for the server's raw private key (serverkey.pem) and certificates (servercert.pem).
Applications on the server, including OES 2 applications, are configured to point to the files in this directory.
Only root and some specific groups can read the files in this directory.

228 OES 2 SP3: Planning and Implementation Guide
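The permissions in Table 22-1 can be checked on a running server. The following is an added example, not code from the guide or from Novell: the function name `audit_cert_layout`, the root-owner check, and the world-writable check are assumptions layered on top of the documented read permissions.

```python
import os
import stat
import sys

CA_DIR = "etc/ssl/certs"          # trusted roots: readable by everyone
KEY_DIR = "etc/ssl/servercerts"   # server key and certificates: restricted
CA_FILE = "eDirCACert.pem"
RESTRICTED = ("serverkey.pem", "servercert.pem")
OTHER_RX = stat.S_IROTH | stat.S_IXOTH


def audit_cert_layout(root="/", owner_uid=0):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []

    def stat_or_report(path):
        try:
            return os.stat(path)
        except FileNotFoundError:
            findings.append(f"missing: {path}")
            return None

    ca_dir = os.path.join(root, CA_DIR)
    st = stat_or_report(ca_dir)
    if st and (st.st_mode & OTHER_RX) != OTHER_RX:
        findings.append(f"not readable by other: {ca_dir}")
    ca_file = os.path.join(ca_dir, CA_FILE)
    st = stat_or_report(ca_file)
    if st and not st.st_mode & stat.S_IROTH:
        findings.append(f"not readable by other: {ca_file}")
    # Added check (assumption): nothing in the trust store is world-writable.
    for path in (ca_dir, ca_file):
        if os.path.exists(path) and os.stat(path).st_mode & stat.S_IWOTH:
            findings.append(f"world-writable: {path}")

    for name in RESTRICTED:
        path = os.path.join(root, KEY_DIR, name)
        st = stat_or_report(path)
        if st is None:
            continue
        if st.st_mode & stat.S_IRWXO:
            findings.append(f"accessible by other: {path}")
        # Assumption: the file owner is root (uid 0) unless overridden.
        if st.st_uid != owner_uid:
            findings.append(f"unexpected owner uid {st.st_uid}: {path}")
    return findings


if __name__ == "__main__":
    results = audit_cert_layout()
    print("\n".join(results) or "layout matches the documented permissions")
    sys.exit(1 if results else 0)
```

Run as a script, it exits non-zero when any finding is reported, so it can be used in a scheduled check.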