Kanaka 2.8: Generating And Signing Your Own Certificate
This document (7012010) is provided subject to the disclaimer at the end of this document.
Environment
Novell Kanaka for Mac
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 1
Situation
This Technical Information Document (TID) builds off of section 3.5 of the Novell Kanaka documentation.
The purpose of this TID is to provide instruction on how to create, sign, install, and utilize a self-signed certificate in order to enable Apple Macintosh (MAC) clients to connect to the Kanaka 2.8 engine.
Resolution
SERVER CONFIGURATION
- Create a Certificate Signing Request (CSR) utilizing the following OpenSSL command:
  openssl req -newkey rsa:2048 -keyout private.key -out server.csr
- When prompted, answer each of the questions pertaining to the certificate:

  | Question | Explanation |
  | --- | --- |
  | Country Name (two-letter code) | The ISO 3166 two-letter country code pertaining to the country where Kanaka Engine is located. |
  | State or Province (full name) | The complete name of your state or province. |
  | Locality Name (such as the city) | The complete name of your city. |
  | Organization Name | The name of your company or organization. |
  | Organizational Unit | The name of your department (optional). |
  | Common Name* | The name of your server as resolved by DNS. |
  | Email Address | The email address of the certificate administrator. |
  | Challenge Password | Generally optional, but required by some third-party certificate providers. |

  *Emphasis added. Please see corresponding "Explanation" field.
- Copy the server.csr file to the desktop of the workstation or server that iManager will be launched from.
- Open iManager > Novell Certificate Server > Issue Certificate. Browse to the server.csr file previously copied. Click Next.
- Utilize the following, basic settings (minimum). Select SSL or TLS and leave the other default settings:
- On Step 3 of 6, leave the default settings and click NEXT
- On Step 4 of 6, choose the "Validity Period" desired and click NEXT
- On Step 5 of 6, choose the DER format to export the signed certificate in and click NEXT
- On Step 6 of 6 click FINISH and download the certificate (server.der)
- Copy the server.der to the directory where your CSR was stored.
- At the command line, convert the certificate to PEM format:
  openssl x509 -inform DER -outform PEM -in server.der -out kanaka.pem
- Remove the passphrase or password from the certificate:
  openssl x509 -in kanaka.pem -out insecure.kanaka.pem
- Decrypt the private key (the private key is encrypted by default and needs to be decrypted for the Kanaka Engine to use):
  openssl rsa -in private.key -out decrypted.private.key
  NOTE: You will be prompted for the pass phrase that was used to set up the private key.
- Remove the passphrase or password from the certificate:
  openssl rsa -in decrypted.private.key -out insecure.decrypted.private.key
- Create the server.pem file with both the private key and certificate files:
  cat insecure.decrypted.private.key insecure.kanaka.pem > server.pem
- Copy the server.pem file to the following location and start the Kanaka engine:
  /etc/opt/novell/kanaka/engine/config
Certificate configuration on the server is now complete. Client configuration is next.
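A check worth running on server.pem before moving on to the clients, given as an added example that is not part of the original TID: the file holds an unencrypted private key, so the script confirms that the key block is unencrypted, that it matches the certificate, that the certificate has not expired, and that the file is readable by its owner only. The function names and the throwaway kanaka.example.test certificate are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the TID): sanity-check server.pem before the engine loads it.

# check_server_pem FILE: prints one line per check, returns non-zero on any failure.
check_server_pem() {
    pem=$1; rc=0
    # The TID requires a decrypted key, so no encrypted key block may remain.
    if grep -q 'ENCRYPTED' "$pem"; then
        echo "FAIL: private key is still encrypted"; rc=1
    fi
    # The key and the certificate must contain the same public key.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    if [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]; then
        echo "OK: certificate matches private key"
    else
        echo "FAIL: certificate and private key do not match"; rc=1
    fi
    # The certificate must still be inside its validity period.
    if openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "OK: certificate has not expired"
    else
        echo "FAIL: certificate expired or unreadable"; rc=1
    fi
    # An unencrypted key must not be readable by group or other.
    if [ "$(ls -ld "$pem" | cut -c5-10)" = "------" ]; then
        echo "OK: file is owner-only"
    else
        echo "FAIL: file is accessible to group or other (chmod 600)"; rc=1
    fi
    return $rc
}

# Constructed sample: a throwaway self-signed key/cert pair stands in for the
# CA-signed files from the steps above (kanaka.example.test is a made-up name).
make_sample_pem() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kanaka.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    cat "$1/key.pem" "$1/cert.pem" > "$1/server.pem"
    chmod 600 "$1/server.pem"
}

tmp=$(mktemp -d) && make_sample_pem "$tmp" && check_server_pem "$tmp/server.pem"
rm -rf "$tmp"
```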
CLIENT CONFIGURATION
The cert.der must now be exported via iManager and copied to the MAC clients. A unique method of copying the file to the clients will be demonstrated.
- Open iManager > Novell Certificate Server > Configure Certificate Authority. Select the CERTIFICATES tab on the right.
- Check the box next to your ORGANIZATIONAL CA, and select the EXPORT option (DER format).
- Save the certificate (cert.der) and copy it to the following location on the server that is running the Kanaka Engine:
  /var/opt/novell/kanaka/engine/data/www/client
- From the MAC client, open a web browser and enter the following URL:
  https://your.srvr.ip.addr:3089
- You will receive a warning about the certificate being invalid or untrusted. Check the "Always Trust" box outlined in red and click continue.
- Once logged in, select RETRIEVE KANAKA CLIENT. You will be presented with two files to download. The first will be the cert.der copied to the ...www/client directory earlier. The second will be the Kanaka client. Download and install the Kanaka client (or upgrade it) if not done previously (not covered here).
- Download the cert.der, open up the keychain, unlock it, and drag the cert.der into the LOGIN section.
- Open the Kanaka Client and log in.
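Clicking through the browser warning means cert.der arrives over a connection that has not been authenticated yet, so its fingerprint is worth comparing with one the administrator reads from the server's copy before the file goes into the keychain. The following is an added example, not part of the original TID; the function names and the throwaway "Sample CA" certificate are constructed.

```shell
#!/bin/sh
# Added example (not from the TID): compare a downloaded CA certificate with a
# fingerprint obtained out of band before importing it into the keychain.

# der_fingerprint FILE: print the SHA-256 fingerprint as lowercase hex, no colons.
der_fingerprint() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# verify_ca_download FILE EXPECTED: returns 0 only when the fingerprints agree.
# EXPECTED may be written with or without colons, in upper or lower case.
verify_ca_download() {
    got=$(der_fingerprint "$1")
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    if [ -z "$got" ]; then
        echo "FAIL: $1 is not a readable DER certificate"; return 2
    fi
    if [ "$got" = "$want" ]; then
        echo "OK: fingerprint matches"
    else
        echo "FAIL: fingerprint mismatch, do not import"; return 1
    fi
}

# Constructed sample: a throwaway self-signed certificate in DER form stands in
# for the Organizational CA export (cert.der). In real use EXPECTED is the value
# the administrator computes with der_fingerprint on the server's own copy.
make_sample_der() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null &&
        openssl x509 -in "$1.pem" -outform DER -out "$1"
}

tmp=$(mktemp -d) && make_sample_der "$tmp/cert.der" &&
    verify_ca_download "$tmp/cert.der" "$(der_fingerprint "$tmp/cert.der")"
rm -rf "$tmp"
```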
Disclaimer
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7012010
- Creation Date:22-MAR-13
- Modified Date:22-MAR-13
