Environment
Novell eDirectory 8.8 for All Platforms
Situation
When the CA is created automatically as part of a new tree creation, two attributes are added (ndspkiIssuedCertContainerDN & ndspkiCRLContainerDN) which are not added automatically when the CA is created in an existing tree using ndsconfig.
For Linux/Unix platforms:
ndsconfig add -m SAS
which can be used to create a CA, if one doesn't already exist in the tree, will create the CA but will not add the two attributes.
Using iManager:
Using Configure Certificate Authority will start the wizard to create a CA, if one doesn't already exist in the tree. The wizard will create the ndspkiCRLContainerDN attribute & container when default creation is chosen or if the Create CRL configuration object option is selected during custom creation. ndspkiIssuedCertContainerDN is not added.
ndspkiCRLContainerDN points to the container which is used for Certificate Revocation List.
ndspkiIssuedCertContainerDN point to a container where a copy of Issued Certificates can be stored.
For Linux/Unix platforms:
ndsconfig add -m SAS
which can be used to create a CA, if one doesn't already exist in the tree, will create the CA but will not add the two attributes.
Using iManager:
Using Configure Certificate Authority will start the wizard to create a CA, if one doesn't already exist in the tree. The wizard will create the ndspkiCRLContainerDN attribute & container when default creation is chosen or if the Create CRL configuration object option is selected during custom creation. ndspkiIssuedCertContainerDN is not added.
ndspkiCRLContainerDN points to the container which is used for Certificate Revocation List.
ndspkiIssuedCertContainerDN point to a container where a copy of Issued Certificates can be stored.
Resolution
To create the ndspkiCRLContainerDN, use iManager | Novell Certificate Server | Configure Certificate Authority and create a CRL configuration object under the CRL tab, if one doesn't exist.
To create the ndspkiIssuedCertContainerDN, use iManager | Directory Administration | Modify Object | Select the CA. Click on the "Other" link under the General tab. Add ndspkiIssuedCertContainerDN with the value of the container that should be used.
Default values are:
ndspkiCRLContainerDN cn=CRL Container,cn=Security
ndspkilssuedCertContainerDN cn=Issued Certificates,cn=Security
To create the ndspkiIssuedCertContainerDN, use iManager | Directory Administration | Modify Object | Select the CA. Click on the "Other" link under the General tab. Add ndspkiIssuedCertContainerDN with the value of the container that should be used.
Default values are:
ndspkiCRLContainerDN cn=CRL Container,cn=Security
ndspkilssuedCertContainerDN cn=Issued Certificates,cn=Security