This page allows you to specify a server that will own the Server Certificate object, a nickname for the Server Certificate object, and a creation method.
A Server Certificate object can be associated with only one server unless used in a clustered environment. In addition, a unique Server Certificate object should be created for each cryptography-enabled application installed on the server. Consequently, you should name each Server Certificate object in a way that describes its function.
Novell® Certificate Server creates a Server Certificate object and names the object based on the certificate name you entered and the server you selected to own the certificate. For example, if you named your certificate "LDAP Services Certificate" and the server's name is Payroll, the Server Certificate object would be named "LDAP Services Certificate - Payroll."
Once created, a Server Certificate object should not be moved or renamed. This is because applications are configured to reference the certificate name you entered. Changing the Server Certificate object name would require that you change the configuration for the application. In addition, a Server Certificate object should stay within the container where its server resides in order to maintain an implicit containment of certificates for servers.
You can use Server Certificates in a clustered environment by placing exact replicas of the Server Certificate on each server in the cluster. See the Novell Certificate Server Administration Guide for more details.
Server
The selected server name appears in this read-only field. If you want to select a different server, click Back.
Nickname
Enter a name that describes the intended use for the Server Certificate, for example, "LDAP Services". You can enter up to 64 characters in the Name field.
Creation Method
Click the Standard, Custom, or Import creation method.
Standard
This option creates a server certificate using the largest possible key size. In addition, this option signs the public key certificate with your Organizational CA.
Selecting this option does not require you to specify the customizable attributes that are offered in the Custom option. Instead, you simply name the Server Certificate object and indicate the server that will own the certificate.
Custom
This option creates a Server Certificate object using the settings you specify. Unlike the Standard option, this option allows you to set a number of customized settings for the Server Certificate object.
Note: You must choose this option if you want to:
- Sign the Server Certificate with an external CA
- Specify a signature algorithm other than SHA-1 with RSA* encryption
- Set a trusted root other than your Organizational CA
- Specify key size and how it is to be used
- Specify a subject name in the certificate other than the server's distinguished name or DNS name
- Specify a certificate validity period other than the default of two years
Import
This option creates a Server Certificate object using the keys and certificates from a PKCS12 (PFX) file. You can use this option in conjunction with the Export feature to back up and restore a Server Certificate or to move a Server Certificate object from one server to another.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.