This list box displays all of the certificates for the selected user, as well as individual attributes of the user certificates according to the column headings.
Nickname
When creating a user certificate, you are prompted to give the certificate and its associated private key a nickname for easy identification. If a listed user certificate created by an external CA does not include a nickname, it is most likely because the CA does not support nicknames.
Note: The nickname does not appear in the user certificate.
Issuer
This column displays the fully typed name of the issuer of each certificate.
Certificate Status
This column displays a status of Active, Archived, or Expired.
- Active means the user certificate is currently valid.
- Archived means the user certificate is not currently available for use, but can be referenced by applications that might have used it earlier.
- Expired means that the expiration date for the user certificate has passed and the certificate should therefore not be used.
Private Key Status
This column displays a status of Active, Archived, Not Present, or Unknown.
- Active means the user's private key is currently valid.
- Archived means the user's private key is not currently available for use, but can be referenced by applications that might have used it earlier.
- Not Present means that the private key associated with this certificate cannot be found within NDS*. This status applies only to certificates issued by a Novell CA.
- Unknown means that the system cannot determine if a private key exists. This typically occurs if there isn't a snap-in registered to handle a certificate from this vendor.
Subject Name
This field displays the fully typed name of the user that owns the highlighted certificate.
Effective Date
This field displays the time and date at which the highlighted certificate becomes valid. The date is displayed in a locale-specific format. The time is displayed in a 24-hour clock format. For example, if the field reads 01/29/99 13:10:50, the user certificate becomes valid at 50 seconds past 13:10 on January 29, 1999. UTC stands for Coordinated Universal Time.
Expiration Date
This field displays the date and time at which the highlighted certificate becomes invalid. Like the Effective Date field, this field uses both a locale-specific date and a 24-hour clock format.
Import
Clicking this button launches a wizard that lets you import a new certificate (for example, a certificate signed by a third-party Certificate Authority). Once imported, the certificate is stored in the User object and appears on the list of certificates available to the User object.
Create
Clicking this button launches a wizard that lets you create a new user certificate. If this button is disabled, it means that no Novell* CA was found and no other CAs are available.
Details
Clicking this button provides additional details about the highlighted certificate, including information regarding the signature algorithm, extensions, and Novell attributes.
Validate
Clicking this button lets you ensure that all certificates in the certificate chain for the highlighted certificate are still valid. If this button is not active, it is because the CA that signed the highlighted user certificate does not support certificate chain validation through ConsoleOne*.
Revoke
Clicking this button lets you revoke a highlighted user certificate. If this button is not active, it is because the CA that signed the highlighted user certificate does not support certificate revocation.
Renew
Clicking this button lets you renew a highlighted user certificate. If this button is not active, it is because the CA that signed the highlighted user certificate does not support certificate renewal.
Export
Clicking this button opens a dialog box that lets you export the highlighted certificate, and its associated private key, to a file. The file format depends on what the CA that signed the certificate supports. Potential file formats include Base 64, DER, PKCS #7, and PKCS #12.
This functionality is provided so that you can import your certificates and private keys into cryptography-enabled applications, such as Internet browsers and e-mail programs, for purposes such as user authentication and securing e-mail. You can also use this functionality to manually send your certificate to someone who is unable to retrieve it from your NDS tree, or to save a copy of a user certificate.
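The following Python sketch is an added example, not part of the Novell documentation. It tells the four listed export formats apart by their outer ASN.1 structure, so that a file carrying a private key (PKCS #12) can be recognized and stored accordingly. The function names and sample bytes are assumptions made for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", re.S)

def read_tlv(buf, pos):
    """Parse one definite-length DER TLV; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                      # long form: low bits give the byte count
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, pos, pos + length

def classify_export(data):
    """Return (encoding, content) using structural heuristics only."""
    encoding = "DER"
    armor = PEM_RE.search(data)
    try:
        if armor or data.lstrip()[:1] == b"M":  # Base64 of a 0x30 SEQUENCE starts with "M"
            encoding = "Base 64"
            data = base64.b64decode(armor.group(1) if armor else data)
        tag, start, _ = read_tlv(data, 0)
        inner, v0, v1 = read_tlv(data, start)
    except (ValueError, IndexError):      # bad Base64, truncated or non-DER input
        return (encoding, "unknown")
    if tag != 0x30:                       # every format here is an outer SEQUENCE
        return (encoding, "unknown")
    if inner == 0x30:                     # Certificate: first field is tbsCertificate
        return (encoding, "X.509 certificate")
    if inner == 0x06:                     # ContentInfo: first field is an OID
        return (encoding, "PKCS #7")
    if inner == 0x02 and data[v0:v1] == b"\x03":  # PFX: version INTEGER 3
        return (encoding, "PKCS #12")
    return (encoding, "unknown")

def carries_private_key(content):
    return content == "PKCS #12"          # only PKCS #12 bundles the private key

# Constructed skeletons (not real certificates or keys), just enough to classify.
CERT_DER = bytes.fromhex("3003300100")
P7_DER = bytes.fromhex("300b06092a864886f70d010702")
P12_DER = bytes.fromhex("30050201033000")
```

The check looks only at the first two ASN.1 elements, so it identifies the container type and does not validate the contents.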
Delete
Clicking this button deletes the highlighted certificate and, if located in the NDS tree, the associated private key. You must be an administrator or have administrator rights to delete a user certificate. Once you delete a user certificate, you cannot recover any information that was encrypted using the public key that was in the user certificate. Signatures made using the private key associated with the deleted user certificate remain valid, but you should keep a copy of the user certificate and signed data as proof of the signature's validity.
* Novell trademark. ** Third-party trademark. For more information, see Trademarks.