The Novell Appliance ships with a self-signed digital certificate. Instead of using this self-signed certificate, you should use a trusted server certificate that is signed by a trusted certificate authority (CA) such as VeriSign or Equifax.
The certificate works for both the Novell Appliance and the Filr software (ports 9443 and 8443). You do not need to update your certificate when you update the Filr software.
Complete the following sections to change the digital certificate for your Novell Appliance. You can use the digital certificate tool to create your own certificate and then have it signed by a CA, or you can use an existing certificate and key pair if you have one that you want to use.
Log in to the Novell Appliance at https://server_url:9443.
In thedrop-down list, ensure that is selected.
Click> , then specify the following information:
Alias: Specify a name that you want to use to identify and manage this certificate.
Avoid using periods (.) in the Alias name, because doing so can result in unpredictable behavior with some browsers when importing trusted certificates.
Validity (days): Specify how long you want the certificate to remain valid.
Key Algorithm: Select eitheror .
Key Size: Select the desired key size.
Signature Algorithm: Select the desired signature algorithm.
Common Name (CN): This must match the server name in the URL in order for browsers to accept the certificate for SSL communication.
Organizational Unit (OU): (Optional) Small organization name, such as a department or division. For example, Purchasing.
Organization (O): (Optional) Large organization name. For example, Novell, Inc.
City or Lacality (L): (Optional) City name. For example, Provo.
State or Province (ST): (Optional) State or province name. For example, Utah.
Two-letter Country Code (C): (Optional) Two-letter country code. For example, US
Clickto create the certificate.
After the certificate is created, it is self-signed.
Make the certificate official, as described in Getting Your Certificate Officially Signed.
On the Digital Certificates page, select the certificate that you just created, then click> > .
Complete the process of emailing your digital certificate to a certificate authority (CA), such as Verisign.
The CA takes your Certificate Signing Request (CSR) and generates an official certificate based on the information in the CSR. The CA then mails the new certificate and certificate chain back to you.
After you have received the official certificate and certificate chain from the CA:
Revisit the Digital Certificates page by clickingfrom the Novell Appliance.
Click> > . Browse to the trusted certificate chain that you received from the CA, then click .
Select the certificate that you created in Creating a New Certificate, then click > > .
Browse to and upload the official certificate to be used to update the certificate information.
On the Digital Certificates page, the name in thecolumn for your certificate changes to the name of the CA that stamped your certificate.
Activate the certificate, as described in Section 31.2.3, Activating the Certificate.
When you use an existing certificate and key pair (such as in the case of a wildcard certificate), use a .P12 key pair format.
If your certificate is not yet in .P12 key pair format, you can use openSSL to convert it. For example, run the following command from a Linux command prompt:
openssl pkcs12 -export in mycert.pem -inkey mykey.pem -out mycert.p12
Go to the Digital Certificates page by clickingfrom the Novell Appliance.
In thedrop-down list, select .
Click> > . Browse to and select your existing certificate, then click .
Click> > . Browse to your existing certificate chain for the certificate that you selected in Step 2, then click .
Click> > , then browse to and select your .P12 key pair file, specify your password if needed, then click OK.
Because of a browser compatibility issue with HTML 5, the path to the certificate is sometimes shown as c:\fakepath. This does not adversely affect the import process.
Continue with Section 31.2.3, Activating the Certificate.
On the Digital Certificates page, in thedrop-down list, select .
Select the certificate that you want to make active, then click, then click .
Verify that the certificate and the certificate chain were created correctly by selecting the certificate and clicking.