Moving eDirectory CA on Linux

  • 3000744
  • 05-Apr-2006
  • 26-Apr-2012

Environment

SuSE Linux Enterprise Server 9
SuSE Linux Enterprise Server 10
Novell eDirectory 8.7.3.x
iManager 2.6
Certificate Authority (CA)



Situation

There may come a time where it is necessary to remove the server housing your Certificate Authority for your eDirectory Tree.  If so, you must relocate your Certificate Authority to a new server in the tree.

Resolution

This process assumes that the CA is healthy and you have admin level rights.

1. In iManager 2.6 | Directory Administration | Modify Object | select your CA object under the Security container
2.  Under the Certificates tab | Public Key Certificate | Export
3.  Yes, you want the private key! | Next
4.  Enter a password greater than 6 characters (this password will only be used to encrypt the CA export) | Next
5.  Save the exported certificate to a file | select a location on your local machine | Close
6.  Under the Directory Administration roll | Delete Object | select your CA object under the Security container and delete it.
7. In a shell on the server you want to be your NEW CA. Run ndsconfig add -m SAS     This will create a new CA in your tree with this server as the owner.
8.  In iManager | Directory Administration | Modify Object | select your CA object under the Security container | under the Certificate tab | Public Key Certificate | Replace | You will be prompted for the location of the file exported in step 5. | enter the password you entered in step 4.
9.  Click Validate to verify the process was successful.
   

Feedback service temporarily unavailable. For content questions or problems, please contact Support.