3.1 Deciding Which Type of Certificate Authority to Use

Novell Certificate Server allows you to create certificates for both servers and end users. Server certificates can be signed by either the Organizational CA or by an external or third-party CA. User certificates can be signed only by the Organizational CA; however, you can import user certificates signed by a third-party CA in PKCS#12 format.

During the Server Certificate object creation process, you are asked which type of certificate authority will sign the Server Certificate object.

The Organizational Certificate Authority is specific to your organization and uses an organizational-specific public key for signing operations. The private key is created when you create the Organizational Certificate Authority.

A third-party certificate authority is managed by a third party outside of the eDirectory tree. An example of a third-party certificate authority is VeriSign.

Both types of certificate authorities can be used simultaneously. Using one type of certificate authority does not preclude the use of the other.

3.1.1 Benefits of Using an Organizational Certificate Authority Provided with Novell Certificate Server

  • Compatibility. The Organizational Certificate Authority is compatible with Novell applications such as LDAP services, Portal Services, and the Apache Web Server. Certificates issued by the Organizational CA are X.509 v3 compliant and can also be used by third-party applications.

  • Cost savings. The Organizational Certificate Authority lets you create an unlimited number of public key certificates at no cost; obtaining a single public key certificate through an external Certificate Authority might cost a significant amount of money.

  • Component of a complete and compatible solution. By using the Organizational Certificate Authority, you can use the complete cryptographic system built into eDirectory without relying on any external services. In addition, Novell Certificate Server is compatible with a wide range of Novell products.

  • Certificate attribute and content control. An Organizational Certificate Authority is managed by the network administrator, who decides on public key certificate attributes such as certificate life span, key size, and signature algorithm.

  • Simplified management. The Organizational Certificate Authority performs a function similar to external certificate authorities but without the added cost and complexity.

3.1.2 Benefits of Using an External Certificate Authority

  • Liability. An external certificate authority might offer some liability protection if, through the fault of the certificate authority, your private key was exposed or your public key certificate was misrepresented.

  • Availability. An external certificate authority's certificate might be more widely available and more widely trusted by applications outside of eDirectory.