Novell Home

Extending Certificate Life

Novell Cool Solutions: Tip
By Veli-Matti Luotonen

Digg This - Slashdot This

Posted: 26 Oct 2005
 

Problem

A reader asked about the following problem:

"I noticed that after one year of functioning properly, eGuide started to give certificate errors to users: 'The security certificate has expired or is not yet valid'. I also noticed that in C:\Program Files\Novell\Apache\conf\ssl directory (Windows platform) there are files such as server.crt and server.der.crt and server.key. Those crt files are expired, as they were made effective on the install date and should last for one year.

How can I replace these certificates with new ones, without reinstalling eGuide and iManager?"

And here's a helpful tip from V.M. Luotonen ...

Solution

This tip is based on the Apache/SSL article at:
http://tud.at/programm/apache-ssl-win32-howto.php3

1. In the C:\Program files\Novell\Apache\Bin directory, find the openssl.exe application.

2. Make a certificate request as follows:

OpenSSL> req -config openssl.cnf -new -out server.csr

For the Common Name, use the name of your web server - either with the IP address or DNS name - whatever method your users use to connect.

3. Remove passhrase from private key as follows:

OpenSSL> rsa -in privkey.pem -out server.key

4. Create a self-signed certificate:

OpenSSL> x509 -in my-server.csr -out server.crt -req -signkey 
server.key -days 3650

Using the example above, now your certificate is valid for 10 years!

5. Copy the server.key and server.crt files to C:\Program files\Novell\Apache\conf\ssl

6. Restart Apache.

Your users will no longer get the "Certificate has expired or is not yet valid" messages.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell