This is if you are creating a pair of keys that will be used to setup DirXML communication via SSL.

1.	In ConsoleOne, right-click the container containing the eDirectory Server object on which the DirXML driver will run.

2.	Click New > Object.

3.	Click NDSPKI:Key Material > OK.

4.	Specify a name for the KMO object.  Since the KMO will be used for DirXML, name it: 

	DirXML Certificate

5.	Make sure the Custom radio button is selected in the Creation Method box > click Next.

6.	Select “Organizational certificate authority” and click “Next”.

7.	Select the defaults for the “Key size”, “Type”, and options:
	 

Click “Next”.

8.	Set the “Validity period” of the certificate to “Maximum”, leaving options “Alternative name” and “Signature algorithm” at the defaults:
	 

*On the same page of the wizard, click the “Edit” button next to the “Subject name” option.Edit the “Subject name” using the format:

For example, server STANLEY in tree WILLEKE would look like this:
{{{
.O=<eDirectory tree name>.CN=<hostname>.<DNS domain>
like:
.O=WILLEKE.CN=STANLEY.svr.WILLEKE.COM}}}
*Click “OK” to keep your changes.
*On the same page of the wizard, click the “Add Name” button.  Click “Create” to add alternative names for IP Address and DNS name, as appropriate.
*Click “OK” then click “Next” to proceed.
*Select “Your organization’s certificate” as the trusted root for the server certificate.  Click “Next” to proceed.
*On the summary page, review your selections.  If all is well, click “Finish” to generate the KMO.