6 Select the Certificates tab. Reset compromised or otherwise unwanted sub-CAs here using Revoke. Revocation is not enough to deactivate a sub-CA on its own. Also publish revoked sub-CAs in a CRL. The creation of CRLs is described in Section 17.2.6, "Creating CRLs" (page 209).
7 Finish with OK.

17.2.4 Creating or Revoking User Certificates

Creating client and server certificates is very similar to creating CAs in Section 17.2.1, "Creating a Root CA" (page 202). The same principles apply here. In certificates intended for e-mail signature, the e-mail address of the sender (the private key owner) should be contained in the certificate to enable the e-mail program to assign the correct certificate. For certificate assignment during encryption, it is necessary for the e-mail address of the recipient (the public key owner) to be included in the certificate. In the case of server and client certificates, the hostname of the server must be entered in the Common Name field. The default validity period for certificates is 365 days.

To create client and server certificates, do the following:
1 Start YaST and open the CA module.
2 Select the required root CA and click Enter CA.
3 Enter the password if entering a CA for the first time. YaST displays the CA key information in the Description tab.
4 Click Certificates (see Figure 17.3).

NOTE: Check your Valid Period
Take into account that the valid period must be lower than the valid period in the root CA.
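The following shell script is an added example, not part of the Security Guide. It uses the openssl command line tool to check an issued server certificate against the rules stated above: the hostname is in the Common Name field and the certificate does not outlive its CA. It assumes openssl and GNU date are installed; the CA name, hostname and file names are constructed sample values.

```shell
#!/bin/sh
# Added example: a throwaway CA and server certificate (constructed sample data).

# Print the Common Name from a certificate's subject.
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= *//p'
}

# Print a certificate's notAfter date as seconds since the epoch (GNU date).
cert_end() {
    date -u -d "$(openssl x509 -noout -enddate -in "$1" | cut -d= -f2)" +%s
}

# check_cert CERT CA HOSTNAME: succeed only if CERT chains to CA, carries
# HOSTNAME in its Common Name, and expires no later than the CA itself.
check_cert() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || { echo "chain: FAIL"; return 1; }
    [ "$(cert_cn "$1")" = "$3" ] || { echo "CN: FAIL"; return 1; }
    # openssl verify only looks at today's date, so an end date beyond the
    # CA's still passes the chain check and has to be compared separately.
    [ "$(cert_end "$1")" -le "$(cert_end "$2")" ] || { echo "validity: FAIL"; return 1; }
    echo "OK"
}

# make_sample DIR HOSTNAME DAYS: CA valid for 730 days, server cert for DAYS days.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 730 -subj "/CN=example-root-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days "$3" -out "$1/srv.pem" 2>/dev/null
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT                  # remove the sample private keys
make_sample "$dir" www.example.com 365     # 365 days, the default named above
check_cert "$dir/srv.pem" "$dir/ca.pem" www.example.com    # prints OK
```

The same check_cert function can be pointed at a certificate and CA exported from the YaST CA module in PEM format.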