User Certificate Properties

This list box displays all of the certificates for the selected user, as well as individual attributes of the user certificates according to the column headings.

Nickname
When creating a user certificate, you are prompted to give the certificate and its associated private key a nickname for easy identification. If a listed user certificate created by an external CA does not include a nickname, it is most likely because the CA does not support nicknames.

Note: The nickname does not appear in the user certificate.

Issuer
This column displays the fully typed name of the issuer of each certificate.

Certificate Status
This column displays a status of Active, Archived, or Expired.

Private Key Status
This column displays a status of Active, Archived, or Not Present.

Subject Name
This field displays the fully typed name of the user that owns the highlighted certificate.

Effective Date
This field displays the time and date at which the highlighted certificate becomes valid. The date is displayed in a locale-specific format. The time is displayed in a 24-hour clock format. For example, if the field reads 01/29/99 13:10:50, the user certificate becomes valid at 50 seconds past 13:10 on January 29, 1999. UTC stands for Coordinated Universal Time.

Expiration Date
This field displays the date and time at which the highlighted certificate becomes invalid. Like the Effective Date field, this field uses both a locale-specific date and a 24-hour clock format.

Import
Clicking this button launches a wizard that lets you import a new certificate (for example, a certificate signed by a 3rd party Certificate Authority). Once imported, the certificate is stored in the User object and appears on the list of certificates available to the User object.

Create
Clicking this button launches a wizard that lets you create a new user certificate. If this button is disabled, it means that no Novell* CA was found and no other CA's are available.

Details
Clicking this button provides additional details about the highlighted certificate, including information regarding the signature algorithm, extensions, and Novell attributes.

Validate
Clicking this button lets you ensure that all certificates in the certificate chain for the highlighted certificate are still valid. If this button is not active, it is because the CA that signed the highlighted user certificate does not support certificate chain validation through ConsoleOne*.

Revoke
Clicking this button lets you revoke a highlighted user certificate. If this button is not active, it is because the CA that signed the highlighted user certificate does not support certificate revocation.

Renew
Clicking this button lets you renew a highlighted user certificate. If this button is not active, it is because the CA that signed the highlighted user certificate does not support certificate renewal.

Export
Clicking this button accesses a dialog box that lets you export the highlighted certificate, and its associated private key, to a file. The format of the file is dependent on what is supported by the CA that signed the certificate. Potential file formats include Base 64, DER, PKCS #7, and PKCS #12.

This functionality is provided so that you can import your certificates and private keys into cryptography-enabled applications, such as Internet browsers and e-mail programs for purposes such as user authentication and securing e-mail. You can also use this functionality to manually send your certificate to someone who is unable to retrieve it from your NDS tree or if you want to save a copy of a user certificate.

Delete
Clicking this button deletes the highlighted certificate and, if located in the NDS tree, the associated private key. You must be an administrator or have administrator rights to delete a user certificate. Once you delete a user certificate, you cannot recover any information that was encrypted using the public key that was in the user certificate. Signatures made using the private key associated with the deleted user certificate remain valid, but you should keep a copy of the user certificate and signed data as proof of the signature's validity.


* Novell trademark. ** Third-party trademark. For more information, see Trademarks.