Manually importing a certificate into a Linux system

  • Document ID:3963765
  • Creation Date:23-Jan-2007
  • Modified Date:30-Apr-2012
    • Micro Focus Products:
      ZENworks Linux Management

Environment

Novell ZENworks 7 Linux Management - ZLM7

Situation

In one case, the certificate from update.novell.com was being reported as not valid:
  • this could be caused if the clock in the machine is set to the wrong date (since certificates have a defined period of time when they are valid)
  • or if there is some sort of firewall that is tampering with the certificate (some security firewalls do so).
ERROR: invalid certificate received from server. (Error received when attempting to register a ZLM agent)

Resolution

Workaround: import the certificate directly to the database of valid certificate authorities, by doing the following (as root):
  1. cd /usr/share/curl
  2. openssl s_client -connect update.novell.com:443| tee logfile
  3. open the"logfile" file and extract the certificate, which is between the line "BEGIN CERTIFICATE" and "END CERTIFICATE" (including those lines), and save it into a file called "certfile".
  4. openssl x509 -inform PEM -in certfile -text -out certdata
  5. Backup your certificate database file (curl-ca-bundle.crt)
  6. cat certdata>> curl-ca-bundle.crt
  7. Stop and start the Zen Updater daemon (/etc/init.d/novell-zmd)