Novell* Certificate Server is an integrated Public Key Infrastructure (PKI) built into eDirectory*. The NetWare* installation process uses Novell Certificate Server to create an Organizational Certificate Authority and to issue certificates for applications that consume Secure Socket Layer (SSL) services.
Novell delivered a base-level PKI with NetWare 5.0. Since your network might be configured with the NetWare 5.0 PKI, you should follow the steps outlined here to properly upgrade from the NetWare 5.0 PKI and to correctly configure your network for Novell Certificate Server:
1. Determine the server that is acting as the Organizational CA. The Organizational CA object is located in the Security container. Using ConsoleOne*, double-click the Organizational CA object and then click the General tab. The server acting as the CA is listed in the Host Server field.
Note: If there is no Organizational CA object in your tree, you can skip directly to Step 3. (If there is no Organizational CA, it will be created automatically during the NetWare installation.)
2. On the server acting as the CA, verify that it is running Novell Certificate Server v2.0 or later.
3. Check for the existence of security-related objects and establish the proper eDirectory rights for creation and operation of the CA.
If the KAP container or the W0 object does not exist (the KAP container is located in the Security container and the W0 object is located in the KAP container), the installation of the first NetWare server will create them. To create them, the administrator performing the installation must have the Supervisor right to the Security container or, if the Security container does not exist, the Supervisor right at the root of the tree. Additional steps might need to be taken; refer to TID #10053572 for more details.
If the Organizational CA object does not exist, the installation of the first NetWare server will create it (unless this option is deselected during the install). In order to create the Organizational CA and, therefore, to complete the NetWare installation, the administrator must have the Supervisor right at the root of the tree.
Important: The server acting as the CA must remain up and operational during the installation of other servers into this tree.
If the CA object, KAP container, and W0 object already exist, administrators performing installations must have the following rights:
If these rights are not granted, server installations will not have Secure Socket Layer (SSL) security configured. Typically, these rights are granted by the root administrator by creating a new group or role, assigning the above rights to the Group or Role object, and then adding users to this group or role who will install NetWare servers and/or issue certificates using the Organizational CA.
4. Download and install NICI on the ConsoleOne management workstation.
If you will be using the Novell Certificate Server v2.20 ConsoleOne snap-in, you need NICI installed on the workstation where you run ConsoleOne.
NICI is available at http://download.novell.com
*Novell trademark. **Third-party trademark. For more information, see Legal Notices.