Importing Third Party Certificate in eDirectory generated with gwcsrgen utility
This document (7007003) is provided subject to the disclaimer at the end of this document.
- Generate a CSR and key file with the "gwcsrgen" utility (keep the password that is used for creating the CSR file).
- Send the CSR file to the Certificate Provider for signing.
- Once signed, the Certificate Provider will send three certificates (Signed Certificate or SSL Certificate, Secure Server Intermediate CA, CA Root Certificate).
- Copy and paste the three certificates into Notepad and save them as certificate.crt, intermediate.crt and root.crt in the same folder where you have the key and CSR files.
- Convert the certkey.key file and certificate.crt file into a single p12 (output.p12) file using the following command on the Linux server:
- #openssl pkcs12 -export -out output.p12 -inkey certkey.key -in certificate.crt
- This command will ask for the pass phrase for the key file; give the password that was used during CSR generation.
- If the password is accepted for the key file, it will then ask for a new Export Password for the p12 file.
- Now import the output.p12, intermediate.crt and root.crt files into Internet Explorer.
- To import the certificates in the Internet Explorer:
- Go to Internet Explorer >> Tools >> Internet Options >> Content >> Certificates
- Click Import >> Locate the root.crt file >> Import it under the container "Trusted Root Certification Authorities" >> Say Yes to the Security Warning to install the certificate.
- Click Import again >> Locate the output.p12 file >> Provide the password that was given during the output.p12 file creation and check the option "Mark this key as exportable" >> Next >> Select "Automatically select the certificate store based on the type of certificate" >> Next >> Finish.
- The certificate will appear under the Personal tab.
- Click Import >> Locate the intermediate.crt file >> Select "Automatically select the certificate store based on the type of certificate" >> Next >> Finish.
- Make sure all three files are listed in Internet Explorer under Tools >> Internet Options >> Content >> Certificates >> Personal, Intermediate Certification Authorities and Trusted Root Certification Authorities.
- Now export the certificate file from Internet Explorer with the following steps:
- Internet Explorer >> Tools >> Internet Options >> Certificate >> Personal >> Select the certificate that we imported
- When prompted to export the private key, select YES.
- When prompted for the PKCS#12 information, select "Include all certificates in the certification path if possible" and "Export all extended properties".
- Give the password for the PKCS#12 file to be generated (this password will be used when importing the certificate into eDirectory).
- Save the file to the filesystem as finalimport.pfx.
- Now import this file into eDirectory using ConsoleOne or iManager.
- For importing using ConsoleOne
- Go to the container in the TREE where the server is located for which the CSR was generated.
- Create a new object of type NDSPKI: Key Material
- Select Server name from the available list
- Provide the certificate name
- Select import >> Next >> Read from file >> Browse the finalimport.pfx file
- Select Next >> Provide the password that was given during the generation of the PKCS#12 file >> Finish
- Refresh ConsoleOne and validate the object in the tree.
- For Importing Using iManager
- Under Roles and Tasks >> Novell Certificate server >> Create Server Certificate
- Browse the server name
- Provide the Nickname for the certificate
- Select creation method as Import >> Next
- Choose the file finalimport.pfx and provide the password
- Select Next >> Finish
- Browse the tree and validate the certificate imported.
- If only the SSL Certificate and the CA Root Certificate were received, skip the Intermediate CA import in Internet Explorer (all the major third-party certificate providers include the Intermediate CA).
- The above procedure has been successfully tested with Thawte, Verisign, GoDaddy.
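
The checks below are an added example, not part of the original TID or of any Novell tooling. They use openssl to confirm that certkey.key belongs to certificate.crt, that the certificate chains through intermediate.crt to root.crt, and that finalimport.pfx carries the private key plus all three certificates before it is imported into eDirectory. The function names and the KEYPASS/PFXPASS environment variables are assumptions of this example, as is a PEM-encoded key file.

```shell
#!/bin/sh
# Added example, not part of the original TID. File names follow the article.
# KEYPASS and PFXPASS are environment variable names assumed here; reading
# passwords from the environment keeps them out of the process list.

# pubkey_matches KEY CERT: succeed only if the private key belongs to the
# certificate, by comparing the public key derived from each (PEM assumed).
pubkey_matches() {
    kpub=$(openssl pkey -in "$1" -passin env:KEYPASS -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# chain_verifies ROOT INTERMEDIATE CERT: succeed only if the signed
# certificate chains through the intermediate CA to the root.
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# pfx_cert_count PFX: print the number of certificates in the PKCS#12 file
# (3 when the whole certification path was included in the export).
pfx_cert_count() {
    openssl pkcs12 -in "$1" -passin env:PFXPASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# pfx_has_key PFX: succeed only if the file carries a private key. The key
# is re-encrypted on output, so it never appears in clear text.
pfx_has_key() {
    openssl pkcs12 -in "$1" -passin env:PFXPASS -nocerts -passout env:PFXPASS \
        2>/dev/null | grep -q 'PRIVATE KEY'
}

# preflight: run the checks in the order of the procedure, from the folder
# that holds the files. The PFX check is skipped until the file exists.
preflight() {
    pubkey_matches certkey.key certificate.crt ||
        { echo "certkey.key does not match certificate.crt" >&2; return 1; }
    chain_verifies root.crt intermediate.crt certificate.crt ||
        { echo "certificate.crt does not chain to root.crt" >&2; return 2; }
    [ -f finalimport.pfx ] || return 0
    pfx_has_key finalimport.pfx &&
        [ "$(pfx_cert_count finalimport.pfx)" -eq 3 ] ||
        { echo "finalimport.pfx lacks the key or the full chain" >&2; return 3; }
}
```

Source the file, export KEYPASS and PFXPASS, and call `preflight` once before the Internet Explorer import and again after finalimport.pfx has been copied back. With OpenSSL 3.x, a PFX exported by an older Windows version may need `-legacy` added to the `pkcs12` calls.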
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7007003
- Creation Date: 05-OCT-10
- Modified Date: 27-APR-12
- Novell GroupWise, PKIS (Certificate Server)