“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 631 — #657
26
Security in the Network
Exporting CA to LDAP: To export a CA, enter the CA as described in
Section 26.1.2 on page 626. Select ‘Extended’ ➝ ‘Export to LDAP’ in the
subsequent dialog, which opens the dialog for entering LDAP data.
If your system has been configured with the YaST LDAP client, the
fields are already partly completed. Otherwise, enter all the data
manually. Entries are made in LDAP in a separate tree with the
attribute “caCertificate”.
Exporting a Certificate to LDAP: Enter the CA containing the certificate
to export, then select ‘Certificates’. Select the required certificate from
the certificate list in the upper part of the dialog and select ‘Export’ ➝
‘Export to LDAP’. The LDAP data is entered here in the same way as
for CAs. A corresponding user object is then sought in the LDAP tree
and the certificate is saved there with the attributes “userCertificate”
(PEM format) and “userPKCS12” (PKCS12 format).
Exporting CRL to LDAP: Enter the CA containing the CRL to export and
select ‘CRL...’. If desired, create a new CRL, then export it with
‘Export’ ➝ ‘To LDAP’. The LDAP data is also entered here in the
same way as with CAs. Entries are then made in LDAP at the
same point as the associated CA, but using the
“certificateRevocationList” attribute.
Exporting CA Objects as a File
If you have set up a repository on the computer for administering CAs, you
can use this option to create the CA objects directly as a file at the correct
location. Different output formats are available, such as PEM, DER, and
PKCS12. In the case of PEM, it is also possible to choose whether a
certificate should be exported with or without key and whether the key is
to be encrypted. In the case of PKCS12, it is also possible to export the
certification path.
Export in file format is performed for certificates, CAs, and CRLs in the
same way as described for LDAP in Section 26.1.2 on the facing page,
except that you select ‘Export as File’ instead of ‘Export to LDAP’. This
then takes you to a dialog for selecting the required output format and for
entering the password and file name. The certificate is stored at the
required location after you click ‘OK’.
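The following check is an added example, not part of the original manual: it inspects a PEM file produced by ‘Export as File’ and reports whether a private key exported with the certificate is encrypted. The function name audit_pem and the sample files are hypothetical; the sample bodies are constructed placeholders, not real keys.

```shell
#!/bin/sh
# audit_pem FILE
# Lists every PEM block in FILE and says whether a private key is protected.
# Return status: 0 = no key or all keys encrypted, 1 = unencrypted key found,
#                2 = unreadable file or no PEM block.
audit_pem() {
    [ -r "$1" ] || return 2
    awk '
        /^-----BEGIN / {
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
            inblock = 1; enc = 0; next
        }
        # Traditional OpenSSL key encryption is announced in a header line.
        inblock && /^Proc-Type: 4,ENCRYPTED/ { enc = 1 }
        inblock && /^-----END / {
            inblock = 0; blocks++
            if (label == "ENCRYPTED PRIVATE KEY") state = "encrypted key (PKCS#8)"
            else if (label ~ /PRIVATE KEY$/ && enc) state = "encrypted key (traditional)"
            else if (label ~ /PRIVATE KEY$/) { state = "UNENCRYPTED key"; bad++ }
            else state = "no key material"
            printf "%s: %s\n", label, state
        }
        END { if (!blocks) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample exports; the base64 bodies are placeholders, not real keys.
demo_dir=$(mktemp -d)
body="Q09OU1RSVUNURUQ="
printf '%s\n' "-----BEGIN CERTIFICATE-----" "$body" "-----END CERTIFICATE-----" \
    > "$demo_dir/cert_only.pem"
printf '%s\n' "-----BEGIN CERTIFICATE-----" "$body" "-----END CERTIFICATE-----" \
    "-----BEGIN RSA PRIVATE KEY-----" "Proc-Type: 4,ENCRYPTED" \
    "DEK-Info: DES-EDE3-CBC,0000000000000000" "" "$body" \
    "-----END RSA PRIVATE KEY-----" > "$demo_dir/cert_enc_key.pem"
printf '%s\n' "-----BEGIN CERTIFICATE-----" "$body" "-----END CERTIFICATE-----" \
    "-----BEGIN RSA PRIVATE KEY-----" "$body" "-----END RSA PRIVATE KEY-----" \
    > "$demo_dir/cert_clear_key.pem"

for f in "$demo_dir"/*.pem; do
    echo "== ${f##*/}"
    audit_pem "$f" || echo "   status $?"
done
```

A status of 1 means the export was made with the key but without key encryption, so the file needs the same protection as the key itself.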
631 SUSE LINUX Enterprise Server










