How to export the eDirectory certificate and import it into OpenSSL for iFolder
(Last modified: 02Sep2005)
This document (10098796) is provided subject to the disclaimer at the end of this document.
Novell OES for Linux
Export the eDirectory certificate and import it into OpenSSL. Configure the iFolder instance of Apache to use the imported Cert.
1. Open ConsoleOne and select the "Key Material Object" (KMO) that The LDAP server is using.
2. Right click on this object and select PROPERTIES the select the TAB labeled "Certificates" and then select the EXPORT button.
3. When prompted on whether to export the private key select "YES".
4. Enter the filename and location, for example c:\LDAPcert.pfx.
5. You will be required to input a password to protect the private key. Make sure to note the password used in this step, it will be required during the import process into OpenSSL.
6. Copy the *.pfx file to your linux server. From the linux server type OPENSSL at the console then <enter>. The OpenSSL application is now running and the console command will look like this:
7. Extract the private key: pkcs12 -in LDAPcert.pfx -nocerts -out key.pem Enter the password chosen during the export and then choose a passphrase as well.
8. Extract the public key: pkcs12 -inLDAPcert.pfx -clcerts -nokeys -out ifcert.pem
9. Remove the passphrase from the private key: rsa -in key.pem -out ifkey.pem
10. Copy these to the default Apache certificate directory: /etc/ssl/servercerts
11. The final step is to point iFolder's Apache config file to the new certificate files. Edit the /etc/opt/novell/ifolder/conf/httpd.conf file and change the SSLCertificateFile and SSLCertificateKeyFile directives to point to the new certs. Here is what they should look like:
Now restart iFolder and login to the iFolder Admin tool to create the iFolder objects.
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
- Document ID:
- Solution ID: NOVL103315
- Creation Date: 02Sep2005
- Modified Date: 02Sep2005
- NovellWeb Services
Did this document solve your problem? Provide Feedback