Requires Cross Signed Certificate#
Resource Tree#
- In ConsoleOne, right-click the container containing the eDirectory Server object for the new KMO.
- Click New > Object.
- Click NDSPKI:Key Material > OK.
- Specify a name for the KMO object. If the new KMO will be used for DirXML, name it: DirXML Certificate
- Click Custom > Next.
- Click External certificate authority (to indicate that the certificate will be signed by the CA in another tree) > click Next.
- Select the defaults for the Key size and options.
- Click Next
- Click the Edit button next to the Subject name option:
  .O=<eDirectory tree name>.CN=<hostname>.<DNS domain>, for example .O=J1TEST.CN=servername.svr.Directory-Info.com
- Click OK to keep your changes.
- Click Next > Finish
- This generates a Certificate Signing Request (CSR)
- Click System Clipboard in Base64 Format > Save.
Enterprise Tree#
- Browse to and select the eDirectory Server object hosting the CA in the Enterprise Tree.
- Select Tools > Issue Certificate.
- Paste the CSR created in Step 10 into the CSR window > click Next.
- Click Next to Issue Certificate.
- Click SSL or TLS to indicate that the certificate is to be used for SSL authentication > click Next.
- Specify the validity period to Maximum > click Next.
- Click Finish to issue the certificate.
- Click System Clipboard in Base64 Format > Save.
Move back to the Resource Tree#
- Right-click the KMO that was created in the Resource Tree > click Properties > click Certificates-Public Key Certificate.
- Click Import.
- Click Read from File. Select the filename of the Trusted Root certificate exported from the Enterprise Tree > click Next.
- Paste the certificate created by the Enterprise Tree's Certificate Authority into the certificate window.
- Click Finish.
- The Certificate is now ready for use in DirXML or eDirectory service(s).
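
A check that can be run on the saved CSR before it is pasted into the Enterprise Tree CA's Issue Certificate dialog, as an added example that is not part of the original page: it confirms the request's self-signature, subject and key size with the OpenSSL command line. It assumes the file saved from ConsoleOne is a PEM-armored Base64 PKCS#10 request; `check_csr`, the file names and the 2048-bit minimum are hypothetical choices, and the sample CSR is generated locally as a stand-in.

```shell
#!/bin/sh
# Added example: checks on a Base64 (PEM) PKCS#10 CSR before a CA signs it.
# Usage: check_csr FILE EXPECTED_O EXPECTED_CN [MIN_BITS]
lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

check_csr() {
    csr=$1; want_o=$2; want_cn=$3; min_bits=${4:-2048}

    # 1. Self-signature: the request was signed by the key it carries and
    #    has not been altered since it was generated.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR self-signature does not verify"; return 1; }

    # 2. Subject, printed in RFC 2253 form (comma-separated, no spaces).
    #    Assumes the O and CN values contain no commas.
    subj=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
           sed 's/^subject= *//')
    o=$(printf '%s\n' "$subj" | tr ',' '\n' | sed -n 's/^O=//p')
    cn=$(printf '%s\n' "$subj" | tr ',' '\n' | sed -n 's/^CN=//p')
    [ "$o" = "$want_o" ] ||
        { echo "FAIL: O is '$o', expected '$want_o'"; return 1; }
    # DNS names compare case-insensitively.
    [ "$(lc "$cn")" = "$(lc "$want_cn")" ] ||
        { echo "FAIL: CN is '$cn', expected '$want_cn'"; return 1; }

    # 3. Key size as reported for the request's public key.
    bits=$(openssl req -in "$csr" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL: key is ${bits:-unknown} bits, minimum $min_bits"; return 1; }

    echo "OK: $subj ($bits-bit key)"
}

# Constructed stand-in for the CSR saved from ConsoleOne; the subject values
# are the page's own example.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
openssl req -new -newkey rsa:2048 -nodes -keyout "$tmp/key.pem" \
    -subj "/O=J1TEST/CN=servername.svr.Directory-Info.com" \
    -out "$tmp/csr.b64" 2>/dev/null
check_csr "$tmp/csr.b64" J1TEST servername.svr.Directory-Info.com
```

A non-zero return from `check_csr` means the request should be regenerated in the Resource Tree rather than issued.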