Importing Third Party Certificate in eDirectory generated with gwcsrgen utility
This document (7007003) is provided subject to the disclaimer at the end of this document.
Replacing expired certificate for Apache
Replacing Third Party WebAccess certificate for NetWare
- Generate a CSR and key file with the help of "gwcsrgen" utility ( Please keep the password that is used for creating the CSR file)
- Send the CSR file to Certicate Provider for signing
- Once Signed by the Certificate Provider, Certificateprovider will send three certificates ( Signed Certificate or SSL Certificate, Secure Server Intermediate CA, CA Root Certificate )
- Copy and paste the three certificates in notepad and save all the three files as certificate.crt, intermediate.crt and root.crt in the same folder where you have key and CSR files.
- Convert the certkey.key file and certificate.crt file in one single p12 ( output.p12 ) file using the following command from the Linux Server
- #openssl pkcs12 -export -out output.p12 -inkey certkey.key -in certificate.crt
- This Command will ask for the pass phrase for the key file, give the password that was used while the CSR generation
- If the password is accepted by the key file then it will ask for the new Export Password for the p12 file.
- Now import the output.p12, intermediate.crt, root.crt file in internet explorer
- To import the certificates in the Internet Explorer:
- Go to Internet Explorer >> Tools >> Internet Options >> Content >> Certificates
- Click Import >> Locate the root.crt file >> Import it under container "Trusted Root Certification Authorities">> Say Yes to the Security Warning to install the Certificate
- Again Click Import >> Locate the output.p12 file >> Provide the password that was given during the output.p12 file creation and Check the option "Mark this key as exportable">> Next >> Select "Automatically select the certificate store based on the type of certificate">> Next >> Finish.
- The Certificate will under personal tab.
- Click Import >> Locate the intermediate.crt file >> Select "Automatically select the certificate store based on the type of certificate">> Next >> Finish.
- Make sure to find all the three files in the Internet explorer under Tools >> Internet Options >> Content >> Certificates >> Personal, Intermediate Certification Authorities and Trusted Root Certification Authorities.
- Export the certificate file now from Internet explorer with the following steps:
- Internet Explorer >> Tools >> Internet Options >> Certificate >> Personal >> Select the certificate that we imported
- When prmopted to export the Private key select YES
- When Prompted for the PKCS#12 information select the "Include all certificates in the certification path if possible" and "Export all extended properties".
- Give the password for the pkcs#12 file to be generated ( This password will be used in importing the certificate in eDirectory)
- Save the file to the filesystem as finalimport.pfx.
- Now import this file in eDirectory using ConsoleOne or iManager
- For importing using ConsoleOne
- Go to the container in the TREE where the server is located for which the CSR was generated.
- Create a new object of typw NDSPKI: Key Material
- Select Server name from the available list
- Provide the certificate name
- Select import >> Next >> Read from file >> Browse the finalimport.pfx file
- Select Next >> Provide the password that was given during the generation of the pkcs#12 file >>Finish
- Refresh ConsoleOne and validate the object in the tree.
- For Importing Using iManager
- Under Roles and Tasks >> Novell Certificate server >> Create Server Certificate
- Browse the server name
- Provide the Nickname for the certificate
- Select creation method as Import >> Next
- Choose the file finalimport.pfx and provide the password
- Select Next >> Finish
- Browse the tree and validate the certificate imported.
- In case if received only SSL Certificate and CA Root Certificate, then skip the part of Intermediate CA Import in Internet explorer ( All the major Third Party Certificate provider include the Intermediate CA)
- The above procedure has been successfully tested with Thwate, Verisign, GoDaddy.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7007003
- Creation Date:05-OCT-10
- Modified Date:18-JUN-14
Did this document solve your problem? Provide Feedback