Generating Dirxml Certificates For Edir2Edir Drivers

Requires Cross Signed Certificate#

Resource Tree#

  • In ConsoleOne, right-click the container containing the eDirectory Server object for the new KMO.
  • Click New > Object.
  • Click NDSPKI:Key Material > OK.
  • Specify a name for the KMO object. If the new KMO will be used for DirXML, name it:
    DirXML Certificate
  • Click Custom > Next.
  • Click “External certificate authority” (to indicate that the certificate will signed by the CA in another tree)
    > click Next.
  • Select the defaults for the “Key size” and options
  • Click “Next”
  • Click the “Edit” button next to the “Subject name” option:
Edit the “Subject name” using the format:
.O=<eDirectory tree name>.CN=<hostname>.<DNS domain>
  • Click “OK” to keep your changes.
  • Click Next > Finish
  • This generates a Certificate Signing Request (CSR)
  • Click System Clipboard in Base64 Format > Save.

Enterprise Tree#

  • Browse to and select the eDirectory Server object hosting the CA in the Enterprise Tree.
  • Select Tools > Issue Certificate.
  • Paste the CSR created in Step 10 into the CSR window > click Next.
  • Click Next to “Issue Certificate”.
  • Click “SSL or TLS” to indicate that the certificate is to be used for SSL authentication > click Next.
  • Specify the validity period to “Maximum” > click Next.
  • Click Finish to issue the certificate.
  • Click System Clipboard in Base64 Format > Save.

Move back to the Resource Tree#

  • Right-click the KMO that was created in the Resource Tree > click Properties > click Certificates-Public Key Certificate.
  • Click Import.
  • Click Read from File. Select the filename of the Trusted Root certificate exported from the Enterprise Tree > click Next.
  • Paste the certificate created by the Enterprise Tree's Certificate Authority into the certificate window.
  • Click Finish.
  • The Certificate is now ready for use in for DirXML or eDirectory service(s).

More Information#

There might be more information for this subject on one of the following: