
Certificate Re-creation Script for OES1 and OES2

License: GPLv2

The Certificate Re-creation script recreates the certificates on OES1 and OES2 servers from a Personal Information Exchange file (PKCS#12, .pfx). With an additional parameter it will also restart all the necessary services. The steps the script performs are listed below.

Platforms Supported:

32 and 64 bit OES1 and OES2 are currently supported.

Script Process:

  1. The following files are backed up with the date and time appended.
    /etc/ssl/servercerts/servercert.pem
    /etc/ssl/servercerts/serverkey.pem
    /var/lib/novell-lum/x.x.x.x.der
    /etc/opt/novell/SSCert.pem //OES1
    /etc/opt/novell/certs/SSCert.pem //OES2
  2. Creation of new Certificates
    /etc/ssl/servercerts/serverkey.pem
    /etc/ssl/servercerts/servercert.pem
    /etc/opt/novell/SSCert.pem //OES1
    /etc/opt/novell/SSCert.der //OES1
    /etc/opt/novell/certs/SSCert.pem //OES2
    /etc/opt/novell/certs/SSCert.der //OES2
    /var/lib/novell-lum/x.x.x.x.der	
  3. Reloads services (optional)
    owcimond
    nldap
    namcd
    apache2	

Installation Instructions:

  1. Download certificate-creation.tgz
  2. Open a Terminal window and type “su”
  3. Enter root’s password
  4. Extract the script from the tarball
    #tar -xzvf certificate-creation.tgz
  5. Make the script executable.
    #chmod 755 certificate-creation.sh
  6. Export the Personal Information Exchange File using iManager.
    1. In iManager, go to Directory Administration -> Modify Object
    2. Select the SSL CertificateDNS - YourServerName certificate object, which by default is in the same eDirectory context as your server object, and click OK.
    3. Go to the Certificates tab of the certificate object and click Validate. It should come back as Valid. If not, there is something wrong with your Certificate Authority and you should rectify this problem and regenerate the certificates before continuing.
    4. Select Export.
    5. Select "Export private key" and "Include all certificates in the certification path if available."
    6. Assign the private key a password. This will be used to protect the private key while it is being transferred. This password will be removed in a future step.
    7. Save the resulting PKCS#12 file (Personal Information Exchange format) to a secure location on your server. The default file name is cert.pfx.
  7. Run the certificate-creation.sh script
    #./certificate-creation.sh -f /directory/fileName.pfx -c -r
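
A post-run check for step 7, as an added example that is not part of certificate-creation.sh or the original page: it confirms that the regenerated key is not accessible to group or other, that the certificate and key belong together, and that the certificate has not expired. It assumes an RSA key and the openssl command-line tool; the function name and return codes are this example's own.

```shell
#!/bin/sh
# Added example (not part of certificate-creation.sh): post-run sanity check
# for a PEM certificate/key pair such as
#   /etc/ssl/servercerts/servercert.pem and /etc/ssl/servercerts/serverkey.pem
# Assumes an RSA key and the openssl command-line tool.
# Return codes (chosen for this example): 0 ok, 1 missing file,
# 2 key accessible to group/other, 3 key does not match cert, 4 cert expired.

check_cert_pair() {
    cert=$1
    key=$2

    # Both files must exist and be non-empty.
    for f in "$cert" "$key"; do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2
            return 1
        fi
    done

    # The private key must not be accessible to group or other.
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "private key permissions too open: $key" >&2
        return 2
    fi

    # The certificate and key must carry the same RSA modulus.
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || return 3
    key_mod=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) || return 3
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "certificate and key do not match" >&2
        return 3
    fi

    # The certificate must not already be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired: $cert" >&2
        return 4
    fi
    return 0
}

# Run the check only when a certificate path and a key path are given.
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2"
fi
```

Run it as root with the certificate path and the key path as its two arguments; an exit status of 0 means all checks passed.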

Fixes and Enhancements:

    Version 1.1

  1. The script will now check if you are root
  2. OES2 x86_64 is now supported
  3. A relative path to the .pfx file can now be used.

Note: Using -h will display other parameter options if desired. The most recent version (1.1) no longer requires the full path to the .pfx file.

Attachment: certificate-creation-1.1.tgz (2.79 KB)





© 2010 Novell