25.1 NetIQ Certificate Server Features

Public key cryptography presents unique challenges to network administrators. NetIQ Certificate Server helps you meet these challenges in the following ways:

  • Provides public key cryptography services on your network

    You can create an Organizational Certificate Authority (CA) within your eDirectory tree, allowing you to issue an unlimited number of user and server certificates. You can also use the services of an external certificate authority, or use a combination of both as your needs dictate.

  • Controls the costs associated with obtaining and managing public key certificates

    You can create an Organizational CA and issue public key certificates through it.

  • Allows public key certificates to be openly available while also protecting them against tampering

    Certificates are stored in eDirectory and can therefore leverage eDirectory replication and access control features.

  • Allows private keys to be accessible only to the software routines that use them for signing and decrypting operations

    Private keys are encrypted by Novell International Cryptography Infrastructure (NICI) and made available only to the software routines using them for signing and decrypting operations.

  • Securely backs up private keys

    Private keys are encrypted by NICI, stored in eDirectory, and backed up by using standard eDirectory backup utilities.

  • Allows central administration of certificates using iManager

    iManager plug-ins are provided, allowing you to manage certificates issued from your Organizational CA or from any other CA that supports a certificate signing request in PKCS #10 format.

  • Allows users to manage their own certificates

    Users can use iManager to export keys for use in cryptography-enabled applications without system administrator intervention.

  • Supports popular e-mail clients and browsers