ndspkiIssuedCertContainerDN and ndspkiCRLContainerDN not added in post-install configuration

  • 7001226
  • 26-Aug-2008
  • 26-Apr-2012

Environment

Novell eDirectory 8.8 for All Platforms

Situation

When the CA is created automatically as part of a new tree creation, two attributes are added (ndspkiIssuedCertContainerDN & ndspkiCRLContainerDN) which are not added automatically when the CA is created in an existing tree using ndsconfig.

For Linux/Unix platforms:
ndsconfig add -m SAS
can be used to create a CA if one doesn't already exist in the tree. It will create the CA but will not add the two attributes.

Using iManager:
Using Configure Certificate Authority will start the wizard to create a CA, if one doesn't already exist in the tree.  The wizard will create the ndspkiCRLContainerDN attribute & container when default creation is chosen or if the Create CRL configuration object option is selected during custom creation.  ndspkiIssuedCertContainerDN is not added.

ndspkiCRLContainerDN points to the container which is used for the Certificate Revocation List.
ndspkiIssuedCertContainerDN points to a container where a copy of Issued Certificates can be stored.

Resolution

To create the ndspkiCRLContainerDN, use iManager | Novell Certificate Server | Configure Certificate Authority and create a CRL configuration object under the CRL tab, if one doesn't exist.

To create the ndspkiIssuedCertContainerDN, use iManager | Directory Administration | Modify Object | Select the CA.  Click on the "Other" link under the General tab.  Add ndspkiIssuedCertContainerDN with the value of the container that should be used.

Default values are:
ndspkiCRLContainerDN   cn=CRL Container,cn=Security
ndspkiIssuedCertContainerDN  cn=Issued Certificates,cn=Security
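
One way to check which of the two attributes a CA object still lacks, shown as an added example that is not part of the original article or Novell's tooling: it audits an LDIF export of the CA object and returns the default value for each missing attribute. It assumes the LDIF attribute names match the names used above; the sample entries and the tree name EXAMPLE-TREE are constructed.

```python
import base64

# Attribute names and default container values as listed in this article.
DEFAULTS = {
    "ndspkiCRLContainerDN": "cn=CRL Container,cn=Security",
    "ndspkiIssuedCertContainerDN": "cn=Issued Certificates,cn=Security",
}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 folded line: join to previous
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry

def missing_ca_attributes(ldif_text):
    """Return {attribute: default value} for each attribute the CA entry lacks."""
    entry = parse_ldif_entry(ldif_text)
    return {n: d for n, d in DEFAULTS.items() if not any(entry.get(n.lower(), []))}

# Constructed sample exports; the tree name EXAMPLE-TREE is a placeholder.
CA_FROM_NDSCONFIG = "dn: cn=EXAMPLE-TREE CA,cn=Security\ncn: EXAMPLE-TREE CA\n"
CA_FROM_IMANAGER = (CA_FROM_NDSCONFIG
                    + "ndspkiCRLContainerDN: cn=CRL Container,\n cn=Security\n")
CA_COMPLETE = (CA_FROM_IMANAGER + "ndspkiIssuedCertContainerDN:: "
               + base64.b64encode(b"cn=Issued Certificates,cn=Security").decode() + "\n")

if __name__ == "__main__":
    for label, ldif in [("ndsconfig", CA_FROM_NDSCONFIG),
                        ("iManager wizard", CA_FROM_IMANAGER),
                        ("after resolution", CA_COMPLETE)]:
        print(label, "->", missing_ca_attributes(ldif) or "nothing missing")
```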