<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!Requires Cross Signed Certificate
!Resource Tree
*In ConsoleOne, right-click the container containing the eDirectory Server object for the new KMO.
*Click New &gt; Object.
*Click NDSPKI:Key Material &gt; OK.
*Specify a name for the KMO object.  If the new KMO will be used for DirXML, name it:\\
     {{{DirXML Certificate}}}
*Click Custom &gt; Next.
*Click External certificate authority (to indicate that the certificate will signed by the CA in another tree) \\ &gt; click Next.
*Select the defaults for the Key size and options
*Click Next
*Click the Edit button next to the Subject name option: \\
Edit the Subject name using the format:
{{{
.O=&lt;eDirectory tree name&gt;.CN=&lt;hostname&gt;.&lt;DNS domain&gt;
   like
.O=J1TEST.CN=servername.svr.Directory-Info.com
}}}
*Click OK to keep your changes.
*Click Next &gt; Finish
*This generates a Certificate Signing Request (CSR) 
*Click System Clipboard in Base64 Format &gt; Save.

!Enterprise Tree
*Browse to and select the eDirectory Server object hosting the CA in the Enterprise Tree.
*Select Tools &gt; Issue Certificate.
*Paste the CSR created in Step 10 into the CSR window &gt; click Next.
*Click Next to Issue Certificate.
*Click SSL or TLS to indicate that the certificate is to be used for SSL authentication &gt; click Next.
*Specify the validity period to Maximum &gt; click Next.
*Click Finish to issue the certificate.
*Click System Clipboard in Base64 Format &gt; Save.

!Move back to the Resource Tree
*Right-click the KMO that was created in the Resource Tree &gt; click Properties &gt; click Certificates-Public Key Certificate.
*Click Import.
*Click Read from File. Select the filename of the Trusted Root certificate [exported from the Enterprise Tree|Exporting The Certificate Authority Certificate] &gt; click Next.
*Paste the certificate created by the Enterprise Tree's Certificate Authority into the certificate window.
*Click Finish.
*The Certificate is now ready for use in for DirXML or eDirectory service(s).




!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>