

Novell eDirectory
For Novell eDirectory, you may need to create the trusted certificate file and to create the client certificate and private key files. Creating the trusted certificate file enhances security for authenticating and protecting users' logon credentials. Sample procedures for performing these tasks follow.
Follow these steps:
- Start the ConsoleOne client for your Novell eDirectory server.
- On the ConsoleOne console, right‑click the IP AG object and select Properties from the shortcut menu.
The Properties dialog appears.
- Click the Certificates, Trusted Root Certificate configuration tab.
- Click Export to export this certificate, but do not include the private key with the export.
- Click DER format to export the key file.
- Leave the Properties dialog open and start a command prompt.
- Use the OpenSSL utility to convert the certificate from DER format to PEM format, because OpenLDAP requires PEM format. Use the following command as a model:
openssl x509 -in cacertfile.der -inform DER -outform PEM -out cacertfile.pem
where cacertfile.der is the file generated by ConsoleOne.
The resulting file, cacertfile.pem, is used for the CA Harvest SCM remote agent TLS configuration.
- Leave open the Properties dialog and the command prompt and complete the following steps to create the client certificate and private key files. When you create the client certificate and private key files, you enhance security for authenticating and protecting users' logon credentials.
Important! Before performing these steps, verify that you have completed the previous steps to create the trusted certificate file.
Follow these steps:
- On ConsoleOne, select the user object (for example, CA Harvest SCM Admin) and open the Properties dialog.
- On the Properties dialog, click the Security tab and select Certificates:
- Export this certificate and specify that the private key be included with the export.
- In the fields provided, enter and confirm the password for encrypting the private key.
- Record the password, because you need it in a later step to separate the certificate from the private key.
The client certificate is exported.
Use the OpenSSL utility to separate the certificate from the private key and remove the password.
- Enter the following command to extract the certificate and remove the password:
openssl pkcs12 -in certfile.pfx -clcerts -nodes -nokeys -out certfile.pem
- When prompted, enter the password used when exporting the pfx certificate created by ConsoleOne. In this example, the exported certificate file is certfile.pfx.
- Enter the following command to extract the private key and remove the password:
openssl pkcs12 -in certfile.pfx -clcerts -out temp.pem -nodes
- When prompted, enter the password used to export the pfx certificate, and then enter the following command:
openssl rsa -in temp.pem -out key.pem
The certfile.pem and key.pem files are used for the TLS configuration. The temp.pem file is an intermediate file and can be deleted.
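The two procedures above, run end to end as an added example (not part of the original CA documentation): constructed stand-ins replace the ConsoleOne exports, `-passin env:PFX_PASS` answers the password prompt, and a final check confirms that key.pem pairs with certfile.pem and that the certificate chains to cacertfile.pem. The ca.* and user.* file names, the password, and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. ca.*, user.* and the password are
# constructed; cacertfile.*, certfile.*, temp.pem and key.pem are the page's names.
umask 077   # anything written below, including key.pem, is owner-only

# Constructed stand-ins for the two ConsoleOne exports.
make_sample_exports() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Constructed Test CA" -days 1 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -keyout user.key -out user.csr \
    -subj "/CN=constructed-user" 2>/dev/null &&
  openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out user.crt -days 1 2>/dev/null &&
  openssl x509 -in ca.crt -outform DER -out cacertfile.der &&
  openssl pkcs12 -export -in user.crt -inkey user.key -out certfile.pfx \
    -passout env:PFX_PASS
}

# The page's four commands; -passin env: answers the password prompt.
convert_exports() {
  openssl x509 -in cacertfile.der -inform DER -outform PEM -out cacertfile.pem &&
  openssl pkcs12 -in certfile.pfx -clcerts -nodes -nokeys -out certfile.pem \
    -passin env:PFX_PASS &&
  openssl pkcs12 -in certfile.pfx -clcerts -out temp.pem -nodes \
    -passin env:PFX_PASS &&
  openssl rsa -in temp.pem -out key.pem 2>/dev/null &&
  rm -f temp.pem   # intermediate copy of the unencrypted key
}

# Returns 0 only if key.pem pairs with certfile.pem and the cert chains to the CA.
check_tls_files() {
  cert_pub=$(openssl x509 -in certfile.pem -noout -pubkey) &&
  key_pub=$(openssl pkey -in key.pem -pubout) || return 1
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "key.pem does not match certfile.pem" >&2; return 1
  fi
  openssl verify -CAfile cacertfile.pem certfile.pem >/dev/null 2>&1 || {
    echo "certfile.pem does not chain to cacertfile.pem" >&2; return 1; }
}

run_demo() {
  workdir=$(mktemp -d) && cd "$workdir" || return 1
  PFX_PASS="constructed-export-password"; export PFX_PASS
  make_sample_exports && convert_exports && check_tls_files
}

run_demo && echo "TLS files verified in $PWD"
```

With real ConsoleOne exports, run only `convert_exports` and `check_tls_files` in the directory that holds cacertfile.der and certfile.pfx, with `PFX_PASS` set to the export password.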
Copyright © 2014 CA Technologies.
All rights reserved.
 