On the Directory Server Console, select the Tasks tab and click Certificate Setup Wizard. The following dialog box appears outlining the steps required to set up a server certificate. Click Next.
On the dialog box that appears, select Internal (software) from the "Select a token (Cryptographic Device)" drop-down menu.
Under "Is the server certificate already requested and ready to install?", choose No if you have never submitted a request for this certificate.
You would choose Yes when you are ready to install the certificate as
described in "Step 3: Install the certificate".
Click Next. If you have already set up a certificate database for the server's host, skip to the next step. If a certificate database does not already exist for this host, click Next to create one. A certificate database is a key-pair and certificate database installed on the local host. When you use an internal token, the certificate database is the database into which you install the key and certificate.
On the dialog box that appears, enter and confirm the password you want
to use for the certificate database and click Next. The password must
contain at least 8 characters, at least one of them numeric. This password
helps secure access to the new key database you are creating.
Once the certificate database is created, the wizard displays a confirmation
dialog. Click Next to continue.
A dialog appears confirming that the wizard is ready to continue with the certificate setup and indicates that you need to determine the distinguished name for the server and have the information readily available. See the online help for more information. Click Next.
The Generating a Certificate Request - Step 1 dialog box appears. If prompted, select a token from the list of legal key tokens you can use, enter the password you used when you set up the certificate database, and then click Next.
The Generating a Certificate Request - Step 2 dialog box appears. Select whether this is a request for a new server certificate or whether you are renewing an existing server certificate. If you want to create a new certificate, choose New Certificate. If you already have an existing certificate, the Certificate Renewal option takes less time. If you have an existing certificate and want to replace or renew it, choose Certificate Renewal.
Enter the CA administrator's address where your certificate request should be sent. If you want, click Show CA to launch a web browser and view a list of the Certificate Authorities available to you.
Click Next. The Generate a Certificate Request - Step 3 dialog box appears. Enter the following information and click Next.
Your name. Enter your user ID.
Telephone. Enter a telephone number where the CA can reach you if
necessary.
Server Host Name. Enter the fully qualified hostname of the directory
server as it is used in DNS lookups, for example, dir.airius.com.
Email Address. Enter your business email address. This is used for
correspondence between you and the CA.
Organization. Enter the legal name of your company or institution. Most
CAs require you to verify this information with legal documents such as a
copy of a business license.
Organizational Unit. Optional. Enter a descriptive name for your
organization within your company.
Locality. Optional. Enter your company's city name.
State or Province. Enter the full name of your company's state or province
(no abbreviations).
Country. Select the two-character abbreviation for your country's name
(ISO format). The country code for the United States is US. The Netscape
Directory Server Schema Reference Guide contains a complete list of ISO
Country Codes.
The Generate a Certificate Request - Step 4 dialog box appears. This dialog box contains the certificate request that you need to send to the CA. Click Cancel to exit the wizard.
On the Directory Server Console, select the Tasks tab.
Click Certificate Setup Wizard. A dialog box appears outlining the steps required to set up a server certificate. Click Next.
On the dialog box that appears, provide information as follows, and then click Next.
Select a token (Cryptographic Device). Choose the same token you
used when you generated the certificate request.
Is the server certificate already requested and ready to install. Choose
Yes.
A dialog appears confirming that the wizard is ready to continue with the certificate setup. Click Next.
The Install the Server Certificate - Step 1 dialog box appears. Provide the following information and then click Next.
Certificate for. If you are installing your server's certificate choose "This
Server." If you are installing your CA's certificate choose "Server Certificate
Chain".
You only choose "Trusted Certificate Authority" if you are using a certificate
that you want to accept as a trusted CA for client authentication, as
described in "Step 4: Trust the Certificate Authority".
Password. Enter the certificate database password you used when you
generated the certificate request.
The Install the Server Certificate - Step 2 dialog box appears. Choose one of the following options and then click Next.
The certificate is located in this file. You can either enter the absolute
path to the certificate in this text box, or copy and paste the certificate as
described below.
The certificate is located in the following text field. Copy the text from
the CAs email or from the text file you created and paste it in this field. For
example:
-----BEGIN CERTIFICATE-----
MIICMjCCAZugAwIBAgICCEEwDQYJKoZIhvcNAQEFBQAwfDELMAkGA1UEBhMCVVMx
IzAhBgNVBAoTGlBhbG9va2FWaWxsZSBXaWRnZXRzLCBJbmMuMR0wGwYDVQQLExRX
aWRnZXQgTWFrZXJzICdSJyBVczEpMCcGA1UEAxMgVGVzdCBUZXN0IFRlc3QgVGVz
dCBUZXN0IFRlc3QgQ0EwHhcNOTgwMzEyMDIzMzU3WhcNOTgwMzI2MDIzMzU3WjBP
MQswCQYDVQQGEwJVUzEoMCYGA1UEChMfTmV0c2NhcGUgRGlyZWN0b3J5IFB1Ymxp
Y2F0aW9uczEWMBQGA1UEAxMNZHVgh49dq2itLmNvbTBaMA0GCSqGSIb3DQEBAQUA
A0kAMEYCQQCksMR/aLGdfp4m0OiGcgijG5KgOsyRNvwGYW7kfW+8mmijDtZRjYNj
jcgpF3VnlsbxbclX9LVjjNLC57u37XZdAgEDozYwNDARBglghkgBhvhCAQEEBAMC
APAwHwYDVR0jBBgwFoAU67URjwCaGqZuUpSpdLxlzweJKiMwDQYJKoZIhvcNAQEF
BQADgYEAJ+BVem3vBOP/BveNdLGfjlb9hucgmaMcQa98A/db8qimKT/ue9UGOJqL
bwbMKBBopsD56p2yV3PLJIsBgrcuSoBCuFFnxBnqSiTS/7YiYgCWqWaUAExJFmD6
6hBLseqkSWulk+hXHN7L/NrViO+7zNtKcaZLlFPf7d7j2MgX4Bo=
-----END CERTIFICATE-----