This is if you are creating a pair of keys that will be used to setup DirXML communication via SSL.
1. In ConsoleOne, right-click the container containing the eDirectory Server object on which the DirXML driver will run.
2. Click New > Object.
3. Click NDSPKI:Key Material > OK.
4. Specify a name for the KMO object. Since the KMO will be used for DirXML, name it:
5. Make sure the Custom radio button is selected in the Creation Method box > click Next.
6. Select Organizational certificate authority and click Next.
7. Select the defaults for the Key size, Type, and options:
8. Set the Validity period of the certificate to Maximum, leaving options Alternative name and Signature algorithm at the defaults:
- On the same page of the wizard, click the Edit button next to the Subject name option.Edit the Subject name using the format:
For example, server STANLEY in tree WILLEKE would look like this:
.O=<eDirectory tree name>.CN=<hostname>.<DNS domain> like: .O=WILLEKE.CN=STANLEY.svr.WILLEKE.COM
- Click OK to keep your changes.
- On the same page of the wizard, click the Add Name button. Click Create to add alternative names for IP Address and DNS name, as appropriate.
- Click OK then click Next to proceed.
- Select Your organizations certificate as the trusted root for the server certificate. Click Next to proceed.
- On the summary page, review your selections. If all is well, click Finish to generate the KMO.