This is if you are creating a pair of keys that will be used to setup DirXML communication via SSL.

1. In ConsoleOne, right-click the container containing the eDirectory Server object on which the DirXML driver will run.

2. Click New > Object.

3. Click NDSPKI:Key Material > OK.

4. Specify a name for the KMO object. Since the KMO will be used for DirXML, name it:

DirXML Certificate

5. Make sure the Custom radio button is selected in the Creation Method box > click Next.

6. Select “Organizational certificate authority” and click “Next”.

7. Select the defaults for the “Key size”, “Type”, and options:

Click “Next”.

8. Set the “Validity period” of the certificate to “Maximum”, leaving options “Alternative name” and “Signature algorithm” at the defaults:

• On the same page of the wizard, click the “Edit” button next to the “Subject name” option.Edit the “Subject name” using the format:

For example, server STANLEY in tree WILLEKE would look like this:

.O=<eDirectory tree name>.CN=<hostname>.<DNS domain>
like:
.O=WILLEKE.CN=STANLEY.svr.WILLEKE.COM

• Click “OK” to keep your changes.
• On the same page of the wizard, click the “Add Name” button. Click “Create” to add alternative names for IP Address and DNS name, as appropriate.
• Click “OK” then click “Next” to proceed.
• Select “Your organization’s certificate” as the trusted root for the server certificate. Click “Next” to proceed.
• On the summary page, review your selections. If all is well, click “Finish” to generate the KMO.