This page allows you to specify a server that will own the Server Certificate object, a Server Certificate object name, and a creation method.
A Server Certificate object can be associated with only one server. In addition, a unique Server Certificate object should be created for each cryptography-enabled application installed on the server. Consequently, you should name each Server Certificate object in a way that describes its function.
Novell* Certificate Server creates a Server Certificate object and names the object based on the certificate name you entered and the server you selected to own the certificate. For example, if you named your certificate "LDAP Services Certificate" and the server's name is Payroll, the Server Certificate object would be named "LDAP Services Certificate - Payroll."
Once created, a Server Certificate object should not be moved or renamed. This is because applications are configured to reference the certificate name you entered. Changing the Server Certificate object name would require that you change the configuration for the application. In addition, a Server Certificate object should stay within the container where its server resides in order to maintain an implicit containment of certificates for servers.
Server
Click the drop-down list to select the server that will own the Server Certificate object.
Certificate Name
Enter a name that describes the intended use for the Server Certificate, for example, "LDAP Services". You can enter up to 64 characters in the Name field.
Creation Method
Click either the Standard or the Custom creation method.
Standard
This option creates a server certificate using the largest possible key size. In addition, this option signs the public key certificate with your Organizational CA.
Note: You must set up your Organizational CA before you can create a Server Certificate object using the Standard option.
Selecting this option does not require you to specify the customizable attributes that are offered in the Custom option. Instead, you simply name the Server Certificate object and indicate the server that will own the certificate.
Custom
This option creates a Server Certificate object using the settings you specify. Unlike the Standard option, this option allows you to set a number of customized settings for the Server Certificate object.
Note: You must choose this option if you want to:
- Sign the Server Certificate with an external CA
- Specify a signature algorithm other than SHA-1 with RSA** encryption
- Set a trusted root other than your Organizational CA
- Specify key size and how it is to be used
- Specify a subject name in the certificate other than the server's distinguished name or DNS name
- Specify a certificate validity period other than the default of two years
* Novell trademark. ** Third-party trademark. For more information, see Trademarks.