How to create a self signed certificate for Mobility

  • 7007674
  • 25-Jan-2011
  • 02-Jul-2019

Environment

Novell Data Synchronizer 1.0
Novell Data Synchronizer Mobility Pack Update
Novell Data Synchronizer Mobility Pack

Situation

How to create a self signed certificate for Mobility

Resolution

Data Sync Mobility generates a default self-signed certificate; however, the certificate is assigned to "DataSync MobilityPack" and not to the DNS name that the device would connect to. Please avoid using a self-signed certificate as much as possible. Some devices do not perform well with self-signed certificates. However, if needed, please follow the steps listed below to create a self-signed certificate with the correct DNS name.

  1. Download Novell Cool Solutions Tool - dsapp Mobility Administration to the Mobility server.
    • Run "dsapp" from a terminal window

  2. From the dsapp menu, select Certificates | Generate CSR and Key:
    • Provide the path to store the certificate files.
      Note: Directory will be created if it does not already exist.
    • Type the pass phrase to protect the key and press Enter.
    • Re-enter the pass phrase to protect the key.
    • Fill in the Country Name, State or Province Name, Locality Name, Organization Name, Organizational Unit Name, Common Name, Email Address.
      Note: Common Name is very important as this is the DNS name that the devices would use to connect to the server. (i.e. mobility.mycompany.com)
    • When asked for Challenge password and optional company name, leave it blank.
    • Press [Enter] to continue.

  3. Select Generate Self-Signed Certificate:
    • Provide the path where the certificate files are stored from steps 2 and 3.
    • Enter server.key (private key) and server.csr (CSR).
      Note: You may be prompted for the password of the private key.
    • Enter y to implement with Mobility connector for devices.
    • Enter y to implement with WebAdmin.

  4. Restart Mobility services:
    rcgms restart OR rcdatasync restart

Additional Information

To verify the certificate, select the following options:
  • Visit WebAdmin and select the lock icon to view information about the certificate.
  • Visit http://www.digicert.com/help/ and provide the Server Address devices use to connect to verify the Mobility certificates.

Please follow the steps in the following TID to import the self-signed certificate on Windows Mobile devices:
https://support.microfocus.com/kb/doc.php?id=7007672

For manual steps:

  1. Generate a Private Key by following the steps listed below:
    • Type "openssl genrsa -des3 -out server.key 2048" and press Enter.
    • Type the pass phrase to protect the key and press Enter.
    • Re-enter the pass phrase to protect the key.
  2. Generate a Certificate Signing Request by following the steps listed below:
    • Type "openssl req -new -key server.key -out server.csr" and press Enter.
    • Enter the pass phrase of the private key when asked for it. This is the same pass phrase that was entered in Step 1.
    • Fill in the Country Name, State or Province Name, Locality Name, Organization Name, Organizational Unit Name, Common Name, Email Address. Common Name is very important as this is the DNS name that the devices would use to connect to the server.
    • When asked for Challenge password and optional company name, leave it blank.
  3. Generate a Self-Signed Certificate:
    • Type "openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt" and press Enter. Increase or decrease 730 as needed. This is the number of days the certificate is valid for.
    • Enter the pass phrase of the Private Key. This is the same pass phrase that was entered in Step 1.
  4. Remove the password from the Private Key by following the steps listed below:
    • Type "openssl rsa -in server.key -out nopassword.key" and press Enter.
    • Enter the pass phrase of the Private Key. This is the same pass phrase that was entered in Step 1.
  5. Combine the Certificate and Passwordless private key file to create a pem file by following the steps listed below:
    • Type "cat nopassword.key > mobility.pem" and press Enter.
    • Type "cat server.crt >> mobility.pem" and press Enter. Notice the double greater than symbol (>>).
  6. Copy mobility.pem to /var/lib/datasync/device directory by typing "cp mobility.pem /var/lib/datasync/device/" and press Enter.
  7. Copy mobility.pem to /var/lib/datasync/webadmin directory as server.pem by typing "cp mobility.pem /var/lib/datasync/webadmin/server.pem" and press Enter.
  8. Type "rcdatasync restart" and press Enter.
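
A way to check the combined pem file from step 5 before restarting the services, as an added example that is not part of the original TID or of dsapp: it confirms that the Common Name is the DNS name devices use, that the private key has no pass phrase and belongs to the certificate, and that the certificate has not expired. The function names and the script name check_pem.sh are hypothetical; make_test_pem only builds a throwaway file to try the check on.

```shell
#!/bin/bash
# Added example, not part of the original TID. Function names are hypothetical.

# make_test_pem DNS_NAME OUT_DIR [DAYS]
# Builds a throwaway mobility.pem the way manual steps 1-5 do, without prompts.
# The key is created with no pass phrase, so step 4 is not needed here.
make_test_pem() {
    local cn="$1" dir="$2" days="${3:-730}"
    mkdir -p "$dir" || return 1
    (
        umask 077   # the key is unencrypted: keep the test files private
        cd "$dir" || exit 1
        openssl genrsa -out nopassword.key 2048 2>/dev/null &&
        openssl req -new -key nopassword.key -subj "/CN=$cn" -out server.csr &&
        openssl x509 -req -days "$days" -in server.csr \
            -signkey nopassword.key -out server.crt 2>/dev/null &&
        cat nopassword.key server.crt > mobility.pem
    )
}

# verify_mobility_pem PEM_FILE DNS_NAME
# Returns 0 when the PEM is usable, otherwise:
#   2 no readable certificate      3 Common Name is not DNS_NAME
#   4 key missing or still pass-phrase protected
#   5 key does not belong to the certificate      6 certificate expired
verify_mobility_pem() {
    local pem="$1" want="$2" subj cn key_pub cert_pub
    subj=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline 2>/dev/null) || return 2
    cn=$(printf '%s\n' "$subj" | sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$want" ]; then
        echo "Common Name is '$cn', devices connect to '$want'" >&2
        return 3
    fi
    # An empty -passin makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) || return 4
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ] || return 5
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 || return 6
    return 0
}

# Usage: ./check_pem.sh PEM_FILE DNS_NAME
if [ "$#" -eq 2 ]; then
    verify_mobility_pem "$1" "$2"
fi
```

Run it against /var/lib/datasync/device/mobility.pem and /var/lib/datasync/webadmin/server.pem after steps 6 and 7; a non-zero exit code identifies which check failed.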