17.2 Setting Up SSL and Certificates on a NetWare Middle Tier Server

When you set up SSL for a Middle Tier Server on a NetWare machine, all of the administration is done with ConsoleOne. Remember that the NetWare server must have the NICI client 2.4.0 (or later) installed.

Use the following steps to set up SSL on the NetWare server:

  1. In ConsoleOne, browse to the tree where you installed the Middle Tier Server software > right-click the highest container (usually the Organization) > click New > Object to open the New Object dialog box.

  2. Click the NDSPKI:Key Material object to start the creation wizard.

    1. Specify a Certification Name (this is the key-pair name for the certificate and the associated public and private keys), select the Custom install, then click Next.

    2. Select External Certificate Authority, then click Next.

    3. Change the Key Size to 1024, keep the defaults on all the other fields, then click Next.

      The default Key Size is 2048, but 1024 is sufficient.

    4. In the Subject Name field, change CN= to your fully distinguished name, keep the defaults on all of the other fields, then click Next.

    5. Click Finish to create the Certificate Signing Request (CSR).

    6. Save as Base64, then specify a path and file name that can be accessed later.

  3. Have a trusted CA create a server certificate from the CSR you generated in Step 2.

    If you want, you can use the eDirectory Root CA to issue the certificate. For more information, see Using the eDirectory Root CA to Issue a Certificate.

  4. When the certificate is issued, open ConsoleOne, then open the tree where Middle Tier Server software is installed.

  5. Open the NDSPKI:Key Material object (KMO) you created, click Certificates, click Trusted Root Cert, then click Import to start the Import Wizard and import the certificate.

    1. On the Trusted Root Certificate page, click Read from File, select the Trusted Root Cert, then click Next.

    2. On the Server Certificate page, click Read from File, select the certificate you created in Step 3, click Next, then click Finish.

  6. (Conditional) Modify the Apache configuration files in NetWare 6 to reflect the name of the certificate created in ConsoleOne:

    1. Open and edit httpd.conf, which is found in the sys:\apache\conf directory.

    2. Search for the line with the current port assignment. The line might look similar to this:

      SecureListen 10.0.1.1:443 "SSL CertificateDNS"
      
    3. Replace “SSL CertificateDNS” with the name of the certificate you just created in ConsoleOne. For example:

      SecureListen 10.0.1.1:443 "Dave Cert"

      When the wizard creates a server certificate, it appends " - server_name" to the end of the name (for example, Dave Cert - DaveServer). Do not include this suffix in the .conf file.

      You can also edit the Web Manager section of the .conf file with the name of the new certificate.

  7. Restart the NetWare server.