3.1 Configuring Trusted Root Certificates

Configuration Level: Global

The list of trusted root containers is used for certificate validation. During certificate validation, the method builds the certificate chain. In order to be valid, the certificate chain must end with a trusted root certificate. Trusted root certificates are stored in trusted root containers in eDirectory.

The certificate validation process ensures that the login certificate has been issued by a trusted Certificate Authority (CA). This is accomplished by validating that the certificate chain contains only trusted root certificates.

  1. In iManager, create a trusted root container:

    1. Select Novell Certificate Server > Create Trusted Root Container.

    2. Specify the container name and location.

    3. Click OK.

  2. Import trusted root certificates:

    1. Select Novell Certificate Server > Create Trusted Root.

    2. Fill in the following fields:

      • Name: Specify a name. This is the name of the Trusted Root object that is created in the directory to hold the certificate material. Choose a name that allows you to recognize which CA this issuing certificate came from.

        IMPORTANT: This name cannot contain any dot characters. If it does, you encounter an NDS-601 error.

      • Container: Browse to and select the trusted root container created in Step 1.

      • Certificate: Browse to and select a standard DER file (*.der or *.cer) or Base64-encoded DER file (*.b64, *.pem, or *.cer). This file contains the material for the issuing certificate.

        If you do not already have this file, consult your CA for information and instructions on how to obtain it.

    3. Click OK.

  3. Add the trusted root container to the method's global settings:

    1. Select Smart Card Login > Global Settings.

    2. Click the plus sign to add the trusted root container to the Trusted Root Certificate Containers list.

    3. Click OK.