72 OES 2 SP2: Novell Cluster Services 1.8.7 for Linux Administration Guidenovdocx (en) 7 January 2010NetWare and Linux Clusters Are in Different TreesIn this scenario, the NetWare server and the OES 2 SP1 Linux server are on different eDirectorytrees. The NetWare source server must be running NetWare 5.1 or later versions. The Linux targetserver must be running OES 2 SP1 Linux on either 32-bit or 64-bit hardware.Run the DNS migration tool from one of the Linux nodes.Perform the Tree Level Migration with adifferent Source server (tree to which NetWare clustered nodes are attached) and Target server (treeto which the Linux clustered nodes are attached). This ensures that the entire NetWare DNSconfiguration data is available for Linux DNS. For information see “Using iManager to MigrateServers across eDirectory Trees” in the OES 2 SP2: Migration Tool Administration Guide.IMPORTANT: Before starting the DNS server on the Linux cluster, stop the DNS server on theNetware cluster.Post-Migration TasksSee “Post-Migration Procedure” in the OES 2 SP2: Migration Tool Administration Guide.6.3.9 eDirectory Server CertificatesNovell Certificate ServerTM provides two categories of services: Certificate Authority (CA) andServer Certificates. The Certificate Authority services include the Enterprise CA and CRL(Certificate Revocation List). Only one server can host the CA, and normally that same server hoststhe CRLs if they are enabled (although if you move the CA to a different server, the CRLs usuallystay on the old server). The CA and CRL services are not cluster-enabled in either NetWare or OES2 Linux, and therefore, there are no cluster-specific tasks for them.Novell Certificate Server provides a Server Certificates service for NetWare and Linux. The serviceis not clustered. However, clustered applications that use the server certificates must be able to usethe same server certificates on whichever cluster node they happen to be running. Use theinstructions in the following sections to set up Server Certificate objects in a clustered environmentto ensure that your cryptography-enabled applications that use Server Certificate objects alwayshave access to them.The eDirectory Server Certificate objects are created differently in OES 2 Linux and cannot bedirectly reused from the NetWare server. The differences and alternatives for setting up certificateson Linux are described in the following sections: “Server Certificate Changes in OES 2 Linux” on page 72 “Using Internal Certificates in a Cluster” on page 73 “Using External Certificates in a Cluster” on page 73Server Certificate Changes in OES 2 LinuxWhen you install NetWare or OES 2 Linux in an eDirectory environment, the Server Certificateservice can create certificates for eDirectory services to use. In addition, custom certificates can becreated after the install by using iManager or command line commands.