C.1 Creating Certificates for CIS

This section describes how to create sample server certificate, server key, and CA certificate files.

  1. Create a temp folder.

  2. Generate CSR (Certificate Signing Request) file.

    The sample csr_detail_file.txt file is as follows:

    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn
    
    [ dn ]
    O= <Organization Name>
    CN= <Hostname or DNS Name>
    
    [ req_ext ]
    subjectAltName = @alt_names
    
    [ alt_names ]
    DNS.1 = oes_doc.labs.wdc.acme.com
    IP = 192.168.0.1

    The attribute details are as follows:

    • CN: Host name of the OES server where the CIS server is installed.

    • DNS.<value>: DNS name of the OES server where the CIS server is installed.

      If a DNS name is provided for Gateway Server Address during CIS configuration, ensure that the same DNS name is configured. For more information, see Configure CIS as a Standalone Server.

    • IP: IP address of the OES server where CIS is configured.

    For Novell Cluster Services (NCS), configure the CN, DNS, and IP as follows:

    • CN: Host name of a gateway cluster resource.

    • DNS.<value>: DNS name of a gateway cluster resource.

      If a DNS name is provided for Gateway Server Address during CIS configuration, ensure that the same DNS name is configured. For more information, see Configure CIS Services.

    • IP: IP address of the cluster gateway resource.

  3. Create the .csr file using the following command:

    openssl req -new -sha256 -nodes -out csrfilename.csr -newkey rsa:2048 -keyout serverkey.pem -config <csr_detail_file name>

  4. Generate the public certificate using the .csr file and eDirectory.

    1. Go to iManager > NetIQ Certificate Server > Issue Certificate.

    2. Click Choose File to select the .csr file and click Next.

    3. Select Key type as SSL or TLS and Extended key usage as Server authentication and User authentication, then click Next.

    4. Select Certificate Type as End Entity and follow the wizard to continue.

    5. Click the Download the issued certificate link.

  5. Copy the generated server certificate to the temp folder.

  6. Convert the generated certificate from .der to .pem format.

    openssl x509 -inform der -in <.der file name> -out <servercert.pem>
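
Steps 2 and 3 can be scripted, and the resulting CSR checked before it is uploaded in iManager. The following is an added example, not part of the product documentation: the organization, host name and IP address are constructed placeholders, and the function names make_csr and check_csr are hypothetical.

```shell
#!/bin/sh
# Added example. File names follow the steps above; all values passed in
# (host name, IP address) are placeholders chosen by the caller.

# make_csr DIR HOST IP: write the CSR details file, then create key and CSR.
make_csr() {
    dir=$1 host=$2 ip=$3
    cat > "$dir/csr_detail_file.txt" <<EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
O = Example Org
CN = $host

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $host
IP = $ip
EOF
    # -nodes leaves the private key unencrypted, so create it owner-only.
    (umask 077
     openssl req -new -sha256 -nodes -out "$dir/csrfilename.csr" \
        -newkey rsa:2048 -keyout "$dir/serverkey.pem" \
        -config "$dir/csr_detail_file.txt" 2>/dev/null)
}

# check_csr CSR KEY HOST IP: succeed only if the CSR is SHA-256 signed,
# carries both SAN entries, and contains the public key that belongs to KEY.
check_csr() {
    csr=$1 key=$2 host=$3 ip=$4
    text=$(openssl req -in "$csr" -noout -text) || return 1
    printf '%s\n' "$text" | grep -qF "Signature Algorithm: sha256WithRSAEncryption" || return 1
    printf '%s\n' "$text" | grep -qF "DNS:$host" || return 1
    printf '%s\n' "$text" | grep -qF "IP Address:$ip" || return 1
    [ "$(openssl req -in "$csr" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ]
}
```

Run make_csr against the temp folder from step 1, then check_csr with the same host name and IP address; a non-zero exit status means the CSR does not match what was configured as the Gateway Server Address.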