How to create the KAP and the W0 objects manually

  • 3854276
  • 13-Apr-2007
  • 16-Mar-2012

Environment

Novell NetWare 6.5
Novell Certificate Server

Situation

Certificate Authority along with the KAP and the W0 objects were deleted
User wants to move their CA to a different server
How to create the KAP and the W0 objects manually

Resolution

NOTE: If you need to delete your CA or move it to a different server, it is NOT necessary to delete the KAP and W0 objects. They work independently of the Certificate Server. If the server that is specified in the NDSPKI:SD Key Server DN attribute on the W0 object is no longer in the tree, then you can change the attribute to point to a different server. It is not necessary to delete the KAP and W0 objects.

1. Make sure Certificate Server (PKI) is installed on the desired server (The KAP and W0 objects are not created by default when you reinstall Certificate Server.)
2. Open ConsoleOne and highlight the Security container in the left-hand pane
3. Create a new object and select NDSPKI:SD Key Access Partition
- Ignore any errors about snapins
- For the name of the new object use KAP
4. Highlight the new KAP object and create a new object
5. Select NDSPKI:SD Key List
- Again ignore any errors about snapins
6. Name the new object W0 (make sure it is a zero)
7. Go into the properties of the W0 object and go the other tab
8. Select the add button and add the NDSPKI:SD Key Server DN attribute

You want to be careful when assigning the NDSPKI:SD Key Server DN attribute. You must make sure that the server you are selecting as the master key server has all the tree keys for your tree. If it does not, it can cause tree key inconsistencies. You can use SDIDIAG to check the synchronization of your tree keys to verify that the server you are selecting has a copy of all the tree keys for your tree. (See KB 3455150 - Using SDIDiag to gather specific SDKey information from servers)

9. Use the browse button to browse to the server you would like to make the master tree key server for the tree.
10. Go to the Trustees of the W0 object and add EVERY SERVER in your tree as a trustee with the default rights of Read/Write for All Attribute Rights and Compare for Entry Rights.

Additional Information

Formerly known as TID# 10093216

Feedback service temporarily unavailable. For content questions or problems, please contact Support.