User Certificate Properties

This list displays all of the certificates for the selected user, as well as individual attributes of the user certificates according to the column headings.

Nickname
When creating a user certificate, you are prompted to give the certificate and its associated private key a nickname for easy identification. If a listed user certificate created by an external CA does not include a nickname, it is most likely because the CA does not support nicknames.

Note: The nickname does not appear in the user certificate.

Issuer
This column displays the fully typed name of the issuer of each certificate.

Certificate Status
This column initially displays Click Validate... as the status for each user certificate. To determine the selected user certificate's status, click Validate.

Private Key Status
This column displays a status of Present, Not Present, or Unknown.

Subject Name
This field displays the fully typed name of the user that owns the selected certificate.

Effective Date
This field displays the time and date at which the selected certificate becomes valid. The date is displayed in a locale-specific format. The time is displayed in a 24-hour clock format. For example, if the field reads 10/31/00 13:10:50, the user certificate becomes valid at 50 seconds past 13:10 on October 31, 2000. UTC stands for Coordinated Universal Time.

Expiration Date
This field displays the date and time at which the selected certificate becomes invalid. Like the Effective Date field, this field uses both a locale-specific date and a 24-hour clock format.

Import
Clicking this button launches a wizard that lets you import a new certificate (for example, a certificate signed by a third-party Certificate Authority). Once imported, the certificate is stored in the User object and appears on the list of certificates available to the User object.

Create
Clicking this button launches a wizard that lets you create a new user certificate. If this button is disabled, it means that no Novell* CA was found and no other CAs are available.

Details
Clicking this button provides additional details about the selected certificate, including information regarding the signature algorithm, extensions, and Novell attributes.

Validate
Clicking this button starts a validation test on the selected user certificate that checks to see if the user certificate, and all certificates in its certificate chain, are valid. The validation test reports the status and a reason, if applicable. The status then appears in the Status column next to the selected user certificate.

The validation test can return one of two values:

To see a list of reasons why a certificate may be invalid, click here.

Export
Clicking this button accesses a dialog box that lets the owner of the selected certificate export the selected certificate and its associated private key to a file. An administrator can export a user's certificate, but only the owner of the certificate can export the private key.

The format of the file depends on what the CA that signed the certificate supports. Potential file formats include Base 64, DER, PKCS #7, and PKCS #12.

This functionality lets users import their certificates and private keys into cryptography-enabled applications, such as Internet browsers and e-mail programs, for purposes such as user authentication and securing e-mail. Users can also use it to manually send their certificate to someone who is unable to retrieve it from an NDS tree, or to save a copy of a user certificate.
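
An added example, not part of the original page or of Novell's software: Python code that identifies which of the export formats listed above a file uses by reading its outer ASN.1 structure, and flags PKCS #12 as the listed format designed to carry a private key alongside the certificate. The function names, file names and byte strings are constructed for illustration, and the check is a structural heuristic that verifies no signatures.

```python
import base64
import re

SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def classify_der(der):
    """Name the container from its outer SEQUENCE and first inner element."""
    tag, start, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    inner, vstart, vend = read_tlv(der, start)
    if inner == 0x30:  # a Certificate begins with the tbsCertificate SEQUENCE
        return "X.509 certificate"
    if inner == 0x06 and der[vstart:vend] == SIGNED_DATA_OID:
        return "PKCS #7"
    if inner == 0x02 and der[vstart:vend] == b"\x03":  # PFX version 3
        return "PKCS #12"
    return "unknown"

def classify_export(data):
    """Return (encoding, container, may_hold_private_key) for file bytes."""
    encoding = "binary" if data[:1] == b"\x30" else "Base 64"
    if encoding == "Base 64":  # drop optional PEM armor lines, then decode
        data = base64.b64decode(re.sub(rb"-----[^\r\n]*-----", b"", data))
    container = classify_der(data)
    return encoding, container, container == "PKCS #12"

# Constructed skeletons: outer structure only, not real certificates or keys.
CERT = bytes.fromhex("30053003020101")
SAMPLES = {"cert.der": CERT, "cert.b64": base64.encodebytes(CERT),
           "chain.p7b": bytes.fromhex("300d06092a864886f70d010702a000"),
           "user.pfx": bytes.fromhex("30050201033000")}

for name, blob in SAMPLES.items():
    print(name, classify_export(blob))
```

A file reported as PKCS #12 should be handled as key material (restricted permissions, strong export password), while the other three formats hold only public certificate data.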

Delete
Clicking this button deletes the selected certificate and, if located in the NDS tree, the associated private key. You must be an administrator or have administrator rights to delete a user certificate. Once you delete a user certificate, you cannot recover any information that was encrypted using the public key that was in the user certificate. Signatures made using the private key associated with the deleted user certificate remain valid, but you should keep a copy of the user certificate and signed data as proof of the signature's validity.

Use Revoke if you want to retain the certificate in NDS but do not want the certificate to be used.

A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.