Validating Certificates; Securing Custom Certificates - Novell IDENTITY MANAGER 3.6. - INTEGRATION Integration Manual

For Novell Audit

Table 6-2 Identity Manager Certificate and Key Paths and Filenames

Platform           Certificate Path and Filename     Private Key Path and Filename
Windows            \windows_directory\dxicert.pem    \windows_directory\dxipkey.pem
Linux and Solaris  /etc/dxicert.pem                  /etc/dxipkey.pem

NOTE: If you are using the pure Java remote loader (dirxml_jremote), the above locations
work. However, if dirxml_jremote is running on a non-UNIX-like platform, you must add the
following to the Java invocation line in the dirxml_jremote script:

-Dnovell.dirxml.remoteloader.audit_key_directory=<directory_name>

6.5 Validating Certificates

In Novell Audit, all logging application certificates must be signed by the Secure Logging Server
root certificate and they must contain an application identifier.

Use the following AudCGen command to determine whether a certificate is valid:

audcgen -cacert:filename -capkey:filename -verify -appcert:filename

When you use the -verify command, AudCGen checks the integrity of the target certificate. It
determines if the target certificate is derived from the Secure Logging Server root certificate
(trusted) and returns the logging application's application identifier.

The following sample command verifies the certificate for the Identity Manager Instrumentation:

audcgen -cacert:cacert.pem -capkey:capkey.pem -verify -appcert:c:\windows\dxicert.pem

For more information, see Section 6.2, "The Novell Audit AudCGen Utility."

NOTE: Novell Audit 2.0.2 verifies only the Secure Logging Server and logging application
certificates. It does not verify any other certificates in the certificate chain. Consequently, if the
third-party CA expires or invalidates the Secure Logging Server certificate, AudCGen does not
identify the problem in the certificate chain and still trusts the Secure Logging Server root certificate
and its associated logging application certificates.
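
Because of the gap described in the NOTE above, the link between the Secure Logging Server certificate and its third-party CA has to be checked outside AudCGen. The following shell functions are an added example, not part of the Novell documentation: they use the openssl CLI and assume the certificates are standard PEM-encoded X.509 files and that the third-party CA certificate is available as a file. The function and variable names are hypothetical, and revocation is not checked.

```shell
#!/bin/sh
# Added example, not part of the Novell manual. Assumes PEM-encoded X.509
# files and the openssl CLI; all file names are supplied by the caller.
# Usage: check_sls_chain /path/to/third-party-ca.pem cacert.pem 30

# expires_within FILE DAYS
# Returns 0 if the first certificate in FILE is expired, expires within DAYS
# days, or cannot be read (treated as a finding so errors are not missed).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_sls_chain CA_BUNDLE SLS_CERT [DAYS]
# CA_BUNDLE: third-party CA certificate(s) that issued the Secure Logging
#            Server certificate (hypothetical file, concatenated PEM).
# SLS_CERT:  the Secure Logging Server certificate passed to audcgen -cacert.
# Prints one line per finding and returns the number of findings (0 = clean).
check_sls_chain() {
    csc_bundle=$1; csc_sls=$2; csc_days=${3:-30}; csc_findings=0

    # Chain check: fails if the SLS certificate was not issued by the bundle
    # or if a certificate in the chain is outside its validity period today.
    if ! openssl verify -CAfile "$csc_bundle" "$csc_sls" >/dev/null 2>&1; then
        echo "FAIL: $csc_sls does not verify against $csc_bundle"
        csc_findings=$((csc_findings + 1))
    fi

    # Early warning: flag certificates that are about to expire. Only the
    # first certificate in a multi-certificate bundle is inspected here.
    for csc_f in "$csc_bundle" "$csc_sls"; do
        if expires_within "$csc_f" "$csc_days"; then
            echo "WARN: $csc_f expires within $csc_days days (or is unreadable)"
            csc_findings=$((csc_findings + 1))
        fi
    done
    return "$csc_findings"
}
```

Run this alongside `audcgen -verify`, which still covers the logging application certificate and its application identifier.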

6.6 Securing Custom Certificates

If you generate a custom certificate and private key for the Identity Manager Instrumentation, it is
important to protect them because the location and name of the custom certificates are hardcoded.
The certificate and key files should only be accessible by the Identity Manager Instrumentation,
which loads locally on the server.
The following sections review the steps to protect custom certificates on each Novell Audit server
platform.
Section 6.6.1, "Windows"
Section 6.6.2, "Linux and Solaris"
