Edirectory Server Certificates - Novell OPEN ENTERPRISE SERVER 2 SP 2 - CLUSTER SERVICES 1.8.7 FOR LINUX Manual

NetWare and Linux Clusters Are in Different Trees
In this scenario, the NetWare server and the OES 2 SP1 Linux server are on different eDirectory
trees. The NetWare source server must be running NetWare 5.1 or later versions. The Linux target
server must be running OES 2 SP1 Linux on either 32-bit or 64-bit hardware.
Run the DNS migration tool from one of the Linux nodes.Perform the Tree Level Migration with a
different Source server (tree to which NetWare clustered nodes are attached) and Target server (tree
to which the Linux clustered nodes are attached). This ensures that the entire NetWare DNS
configuration data is available for Linux DNS. For information see
Servers across eDirectory
IMPORTANT: Before starting the DNS server on the Linux cluster, stop the DNS server on the
Netware cluster.
Post-Migration Tasks
See "Post-Migration

6.3.9 eDirectory Server Certificates

Novell Certificate Server
Server Certificates. The Certificate Authority services include the Enterprise CA and CRL
(Certificate Revocation List). Only one server can host the CA, and normally that same server hosts
the CRLs if they are enabled (although if you move the CA to a different server, the CRLs usually
stay on the old server). The CA and CRL services are not cluster-enabled in either NetWare or OES
2 Linux, and therefore, there are no cluster-specific tasks for them.
Novell Certificate Server provides a Server Certificates service for NetWare and Linux. The service
is not clustered. However, clustered applications that use the server certificates must be able to use
the same server certificates on whichever cluster node they happen to be running. Use the
instructions in the following sections to set up Server Certificate objects in a clustered environment
to ensure that your cryptography-enabled applications that use Server Certificate objects always
have access to them.
The eDirectory Server Certificate objects are created differently in OES 2 Linux and cannot be
directly reused from the NetWare server. The differences and alternatives for setting up certificates
on Linux are described in the following sections:
"Server Certificate Changes in OES 2 Linux" on page 72
"Using Internal Certificates in a Cluster" on page 73
"Using External Certificates in a Cluster" on page 73
Server Certificate Changes in OES 2 Linux
When you install NetWare or OES 2 Linux in an eDirectory environment, the Server Certificate
service can create certificates for eDirectory services to use. In addition, custom certificates can be
created after the install by using iManager or command line commands.
72 OES 2 SP2: Novell Cluster Services 1.8.7 for Linux Administration Guide
Trees" in the OES 2 SP2: Migration Tool Administration
Procedure" in the OES 2 SP2: Migration Tool Administration
provides two categories of services: Certificate Authority (CA) and
TM
"Using iManager to Migrate
Guide.
Guide.