Certs in OES2

Christopher Mangiarelli cmangiarelli at gmail.com
Thu Dec 18 15:18:45 GMT 2008


Novell fixed the cert issue by deleting all certs in eDir and using
"ndsconfig upgrade" from the Linux command prompt.  However, this reverted
my server back to default certs, which of course don't work well due to the
site redirection issue mentioned below.  I have not yet been able to get a
resolution to that problem from Novell.

As far as I can tell, the YaST CA is separate and unused after eDir is
online and uses its CA to mint certs and saves them to the Linux filesystem
where OES apps are pointing to standard file locations (i.e.
/etc/ssl/servercerts).

I have an idea on my site redirection link, but I am trying to figure out
how to get a cert out of eDir (.der/.pks12) format and into the formats for
Apache (.pem/.cert/.key).

On Thu, Dec 18, 2008 at 10:00 AM, Peter Van Lone <petervl at gmail.com> wrote:

> yikes --- call Novell support, and then let us all know what fixed it,
> please?
>
> Peter
>
>
> On Mon, Dec 15, 2008 at 3:45 PM, Christopher Mangiarelli
> <cmangiarelli at gmail.com> wrote:
> > Anybody got a concise, easy to understand explanation on how certs work
> > under OES2/SLES10?
> >
> > My iFolder system was up and running but now it's broken.  The install
> > created default server certs using the DNS name of the hostname of the
> > server.  However, my users need to use an English name (something that
> > means something to them) to access their resources.  I created a CNAME in
> > DNS using the terminology I wanted and pointed it to the server's
> > hostname.  Even though the trusted root is in my web browser, it would
> > still warn of site redirection.  This is normal, however in the past I
> > would create a third server cert using alt subject names for the resource
> > in question using the server hostname, server IP, and resource common
> > name.  In NW, these certs are auto picked up by apps if they are pointed
> > to the right certificate (ala. ldap for example) in eDir.  This doesn't
> > seem to work on OES2.
> >
> > I'm honestly not sure what I did as I tried a bunch of stuff to get
> > proper certs loaded.  I used the YaST CA tool and that didn't work.  I
> > used the eDir iManager tools and those don't work.  Now, whenever my
> > server reboots it gets some self-signed certs (not even signed by my CA)
> > in its /etc/ssl/servercerts directory.  How do I get back to normal
> > certs?  How does the YaST CA tool interact with the iManager CA tools?
> >
> > I've tried all the tools in iManager for recreating default server certs.
> > While in eDir I can see the normal SSL CertificateDNS/IP certs and they
> > look good, the server is not using them.
>

-- 
Christopher Mangiarelli
cmangiarelli at gmail.com
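
The conversion asked about in this message (a DER or PKCS#12 export turned into the PEM certificate and key files Apache reads), as an added example that is not part of the original thread or of Novell's tooling. It uses the standard openssl command line; the host names, file names, password and the self-signed sample certificate are constructed placeholders.

```shell
#!/bin/sh
# Added example: eDir-style exports (.der / PKCS#12) to Apache-style PEM files.
umask 077   # the private key must never be created world-readable

# Constructed test data (not a real eDir export): self-signed cert with SANs.
make_sample() {   # make_sample <dir> <export-password>
    cat > "$1/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = oes2host.example.test
[v3]
subjectAltName = DNS:oes2host.example.test, DNS:ifolder.example.test, IP:192.0.2.10
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/san.cnf" \
        -keyout "$1/orig.key" -out "$1/orig.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/orig.pem" -inkey "$1/orig.key" \
        -passout "pass:$2" -out "$1/export.p12" &&
    openssl x509 -in "$1/orig.pem" -outform DER -out "$1/export.der"
}

# DER public certificate -> PEM.
der_to_pem() { openssl x509 -inform DER -in "$1" -out "$2"; }

# PKCS#12 bundle -> separate PEM cert and unencrypted PEM key (bag attributes stripped).
p12_to_pem() {   # p12_to_pem <in.p12> <password> <cert.pem> <key.pem>
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys |
        openssl x509 -out "$3" &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes |
        openssl pkey -out "$4"
}

# Succeeds only if the key belongs to the certificate (RSA modulus comparison).
key_matches_cert() {   # key_matches_cert <cert.pem> <key.pem>
    m=$(openssl x509 -in "$1" -noout -modulus) && [ -n "$m" ] &&
        [ "$m" = "$(openssl rsa -in "$2" -noout -modulus)" ]
}

# Succeeds only if <name> is listed as a DNS subjectAltName in the certificate.
cert_covers_name() {   # cert_covers_name <cert.pem> <dns-name>
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed 's/^ *//' |
        grep -Fxq "DNS:$2"
}
```

Running `cert_covers_name` against the converted certificate with the CNAME users actually type shows whether the browser warning described in the quoted message will persist, and `key_matches_cert` catches a cert and key that came from different exports before Apache is restarted.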


