Server
The Organizational CA service runs from a single server in the eDirectory® tree. Specify a server that is highly accessible. Only one Organizational CA can be in any one eDirectory tree.
Object Name
Give the Organizational CA's eDirectory object a name that describes your organization, for example, "Acme Tools CA."
You can enter up to 64 characters in the eDirectory object name and Host Server fields.
The CA object is created and placed in the Security container in the eDirectory tree. The CA is assigned the best available options for signature algorithm and key size.
Creation Method
Standard
Select this method to create an Organizational CA using the largest possible default values for key size and signature algorithm. You only need to specify a name for the CA object and indicate the server on which the certificate authority service will run.
The server should:
- Be available to sign public key certificates for Server Certificate objects when needed
- Reside in a physically secure location
- Be a permanent server in your network
Custom
Select this option to create an Organizational CA using customized parameter settings.
Note: You must choose this option if you want to:
- Specify the key size.
  The key sizes available depend on which NICI cryptography engine is loaded on the server.
- Specify a signature algorithm other than SHA-1.
- Specify a validity period for the CA's certificate.
Note: The server that the custom-created Organizational CA will run on should meet all of the server requirements identified in the Standard options.
Import
This option creates an Organizational CA object using the keys and certificates from a PKCS12 (PFX) file. You can use this option in conjunction with the Export feature to back up and restore an Organizational CA object or to move an Organizational CA object from one server to another.