Novell iManager 2.7.5 Administration Guide - NetIQ
Novell iManager 2.7.5 Administration Guide - NetIQ
Novell iManager 2.7.5 Administration Guide - NetIQ
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NOTE: For information about creating a .der certificate file, see “Exporting a Trusted Root or Public<br />
Key Certificate” (http://www.novell.com/documentation/crt33/crtadmin/data/<br />
a2ebopb.html#a2ebopd) in the <strong>Novell</strong> Certificate Server <strong>Administration</strong> <strong>Guide</strong>. You will want to export<br />
the trusted root certificate.<br />
1 Open a command window.<br />
2 Change to the \bin directory where you have installed the JDK.<br />
For example, on a Windows system, you would enter the following command:<br />
cd j2sdk1.5.0_11\bin<br />
3 Import the certificate into the keystore with the keytool, executing the following keytool<br />
commands (platform specific):<br />
• Linux<br />
keytool -import -alias [alias_name] -file [full_path]/trustedrootcert.der -<br />
keystore [full_path]/jre/lib/security/cacerts<br />
• Windows<br />
keytool -import -alias [alias_name] -file [full_path]\trustedrootcert.der -<br />
keystore [full_path]\jre\lib\security\cacerts<br />
Replace alias_name with a unique name for this certificate and make sure you include the full<br />
path to trustedrootcert.der and cacerts.<br />
The last path in the command specifies the keystore location. This varies from system to system<br />
because it is based on where <strong>iManager</strong> is installed. The following are the examples of default<br />
locations for <strong>iManager</strong> on Windows and Linux:<br />
On Windows: C:\Program Files\<strong>Novell</strong>\jre\lib\security\cacerts<br />
On Linux: //jre/lib/security/cacerts<br />
4 Enter changeit for the keystore password.<br />
5 Click Yes to trust this certificate.<br />
NOTE: This process must be repeated for each eDirectory tree you will be accessing with <strong>iManager</strong>.<br />
If LDAP has been configured to use a certificate not signed by the tree’s Organizational CA, you must<br />
import that certificate’s Trusted Root. This is necessary, for example, if LDAP is configured to use a<br />
VeriSign*‐signed certificate.<br />
A.2 Self-Signed Certificates<br />
<strong>iManager</strong> includes a temporary, self‐signed certificate that you use when installing <strong>iManager</strong> on<br />
Linux or Windows platform. It has an expiration date of one year. For more information, see “Self‐<br />
Signed Certificates” in the <strong>Novell</strong> <strong>iManager</strong> <strong>2.7.5</strong> Installation <strong>Guide</strong>.<br />
112 <strong>Novell</strong> <strong>iManager</strong> <strong>2.7.5</strong> <strong>Administration</strong> <strong>Guide</strong>