
Moving the Organizational Certificate Authority from NW5.1 to NW6

Novell Cool Solutions: Feature
By Kyle Hussey


Posted: 11 Mar 2003
 

NOTE: If NetWare 6 is already created and a member of the tree, you must follow the steps used to remove and reinstall Certificate Server on the individual servers (Step II).

Step I: Open ConsoleOne from a client workstation and go to the Security Container for the tree.

  1. Highlight the Security Container and in the right windowpane you will see the "____ Organizational CA". Delete this object.
  2. You will also see a "KAP" object. Expand this object until you see the WO object. Delete the WO object first and then the KAP object.
  3. Now expand the Servers container, locate the following objects and delete them:
    • SSL CertificateDNS - <server name>
    • SSL CertificateIP - <server name>
    • SAS Service - <servername>
  4. At the Server Console you will now run the two following commands:

    UINSTALL PKIS
    UINSTALL SAS

Step II: In ConsoleOne remove the same three objects as in Step I Part 3 for the NW 6 server that will become the new Organizational CA server. Run these commands at the server's console:

    UINSTALL PKIS
    UINSTALL SAS

Note: If during the reinstall process you encounter the error "there is a newer nlm than what you are installing", SELECT ALWAYS OVERWRITE NEWER FILES. This is important because the newer file belongs to the old key pair, and if it is not overwritten the server will not be able to obtain a new key pair from the new Organizational CA.

  1. Obtain the NetWare 6 Service Pack 2 Overlay CD and place it in the CD-ROM drive.
    1. At system Console load CD-ROM.
    2. At system Console load NWCONFIG.
      1. PRODUCT OPTIONS
      2. INSTALL A PRODUCT NOT LISTED
      3. Path = "ex"..NETWARE6: "
  2. In the listed products select "Certificate Server" and deselect all other products.
  3. Select NEXT
  4. Authenticate with a User who has Supervisor rights to the Server object.
  5. The install will detect the missing Organizational CA and will ask you to name the New Organizational CA.
  6. A warning box will appear stating that this will be the trusted root for the entire tree. Select OK.
  7. Click Finish and the following objects will be created:
    • ORGANIZATIONAL CA
    • KAP
    • WO
    • LOGIN METHODS

Step III: All servers that are a member of the tree must now have Certificate Server reinstalled. Perform the reinstall first on servers that have a replica on them.

    1. In ConsoleOne go to the container for the server you are working on and remove the following objects for that server:
      1. SSL CertificateDNS - <server name>
      2. SSL CertificateIP - <server name>
      3. SAS Services - <server name>
    2. Run the Following Commands at the Server Console:

      UINSTALL PKIS
      UINSTALL SAS

    3. To reinstall the Certificate Server, use the "NW51SP5 Overlay CD" if you are working on a NW 5.1 server, or the "NW6SP2 Overlay CD" if you are working on a NW 6 server.
      1. LOAD CDROM
      2. LOAD NWCONFIG
      3. PRODUCT OPTIONS
      4. INSTALL PRODUCT NOT LISTED
      5. Path =
        • For NetWare 6 path = "ex"..NETWARE6:"
        • For NetWare 5.1 path = "ex".NW51:"
    4. SELECT CERTIFICATE SERVER from the products List
    5. Deselect all other products
    6. Authenticate with a user that has Supervisor rights to the tree.
    7. Accept the rest of the Defaults
    8. Close ConsoleOne GUI on server

Step IV: Now install the Certificate server to the rest of the servers within your tree using the same method above.

An alternate method to reinstall the Certificate server would be to use the remote deployment manager.

Simply place the NetWare 6 SP 2 overlay CD or the NetWare 5.1 SP 5 overlay CD in the CD-ROM drive of your workstation. It will auto-launch the Remote Deployment Manager. Select the POST INSTALLATION option and then NW6/NW5.1 products.

Then select the Server you will push the product to, authenticate to the tree and then select Certificate Server. The Remote Deployment Manager will then deploy the product to the Server.

-----MAKE SURE TO PERFORM THIS ON ALL REMAINING SERVERS IN THE TREE SO THAT THEY CAN ALL RECEIVE A NEW VALID KEY PAIR FROM THE NEW ORGANIZATIONAL CA-----
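
A quick way to confirm that no server was missed is to check every server certificate against the new Organizational CA. The script below is an added example, not part of the original article; it assumes the new CA's self-signed certificate and each server's certificate have been exported to PEM files, and the file names and the `make_demo` sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list server certificates that
# were NOT signed by the new Organizational CA. Assumes PEM exports exist.

# chains_to NEW_CA_PEM CERT_PEM -> exit 0 only if the signature verifies.
# The issuer name alone proves nothing: the new CA may have been given the
# same name as the old one, so the signature has to be checked.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# stale_certs NEW_CA_PEM CERT_PEM... -> prints every file whose server still
# needs Certificate Server reinstalled.
stale_certs() {
    new_ca=$1; shift
    for cert in "$@"; do
        chains_to "$new_ca" "$cert" || printf '%s\n' "$cert"
    done
}

# issue DIR CA_NAME SERVER_NAME -> constructed server certificate for the demo
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 1 -days 2 -out "$1/$3.pem" 2>/dev/null
}

# make_demo DIR -> constructed data: old and new CA share one name;
# nw6 was reissued by the new CA, nw51 still holds an old certificate.
make_demo() {
    for ca in old-ca new-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj '/O=DEMO_TREE/OU=Organizational CA' \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    issue "$1" new-ca nw6 && issue "$1" old-ca nw51
}

# Usage: sh check_ca.sh NEW_CA.pem SERVER1.pem SERVER2.pem ...
# With no arguments, run on the constructed demo data (prints .../nw51.pem).
if [ "$#" -ge 2 ]; then
    stale_certs "$@"
else
    demo=$(mktemp -d) && make_demo "$demo" &&
        stale_certs "$demo/new-ca.pem" "$demo/nw6.pem" "$demo/nw51.pem"
    rm -rf "$demo"
fi
```

Any file the script prints belongs to a server that still holds a key pair from the old CA and needs Step III repeated.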

If you have any questions you may contact Kyle at khussey@gcpud.org

