How to create a web site certificate using Novell's CA

  • 3037138
  • 23-Apr-2007
  • 27-Apr-2012

Environment

Novell NetWare 6.5
Novell Certificate Server 2.x
Novell Apache on NetWare
Novell Netscape Enterprise Server
Novell ConsoleOne

Situation

Security Alert - The name on the security certificate does not match the name of the site - when using the Internet Explorer browser
Certificate Name Check when using the Netscape browser
How to create a web site certificate using Novell's CA

Resolution

Download and install the latest version of ConsoleOne from https://www.novell.com/download

Download and install the latest NICI Encryption Module (ESD NICI x.x.x for WIN) from https://www.novell.com/download

Run ConsoleOne from your workstation and browse to the context that your existing certificates are in.

Click the "new object" icon (the beige box).

In the new object dialog, select NDSPKI:Key Material.

Select the server that the certificate will be owned by (typically the server that the web services are running on).

Name the certificate (typically SSL Certificatexxxxxx). Do NOT append the server name to the certificate - an example name would be SSL CertificateNovell.

Click the Custom radio button and then the Next button.

Leave the certificate authority at Organizational Certificate Authority and click the Next button.

Leave the RSA Key size and all other fields at their defaults and click the Next button.

Now, on the "Specify the certificate parameters" dialog, click the Edit button beside the Subject Name field. Change the CN=xxx.xxx.xxx.xxx portion to CN=www.yourdomain.com and click the OK button, then the Next button.

Leave "Your Organization's Certificate" radio button selected and click the Next button.

Click the Finish button.


To use the certificate, edit sys:\apache2\conf\httpd.conf and search for SSL. Find the line that reads SecureListen 443 "SSL CertificateDNS", copy it, and comment out the original. Paste the copy on a new line and change "SSL CertificateDNS" to your new certificate name.

Unload Apache2 (ap2webdn) and Tomcat (tc4stop).

From the server console, type TCKEYGEN and check the logger screen when it has completed (1 minute or less).

Reload Apache and Tomcat (ap2webup, tomcat4).

Additional Information

The default certificates created when installing Novell Certificate Server contain the IP address of the server rather than the domain name.
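
The name check behind the warnings in the Situation section, as an added example (not Novell code). It compares the host the user typed with the CN in the certificate subject and goes slightly beyond the page by also handling a left-most wildcard label. The subject strings, the O=EXAMPLE value and the 192.0.2.10 address are constructed sample values, and the comma-separated subject format is an assumption.

```python
# Added example: models the certificate name check against the subject CN.
# Subject strings, O=EXAMPLE and 192.0.2.10 are constructed sample values.
import ipaddress

def subject_cn(subject):
    """Return the CN value from a comma-separated subject string, or None."""
    for rdn in subject.split(","):
        key, sep, value = rdn.strip().partition("=")
        if sep and key.strip().upper() == "CN":
            return value.strip()
    return None

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def name_matches(requested_host, cn):
    """True when the host the user typed matches the certificate CN."""
    if cn is None:
        return False
    host = requested_host.rstrip(".").lower()
    cn = cn.rstrip(".").lower()
    if is_ip(host) or is_ip(cn):
        # An IP address matches only literally: no DNS lookup, no wildcard.
        return host == cn
    host_labels, cn_labels = host.split("."), cn.split(".")
    if len(host_labels) != len(cn_labels):
        return False
    if cn_labels[0] == "*":
        # A wildcard stands for exactly one left-most label.
        return len(cn_labels) > 2 and host_labels[1:] == cn_labels[1:]
    return host_labels == cn_labels

def check(requested_host, subject):
    cn = subject_cn(subject)
    return "OK" if name_matches(requested_host, cn) else f"MISMATCH (CN={cn})"

if __name__ == "__main__":
    default_cert = "CN=192.0.2.10, O=EXAMPLE"         # default certificate: server IP in CN
    custom_cert = "CN=www.yourdomain.com, O=EXAMPLE"  # certificate created with the steps above
    for subject in (default_cert, custom_cert):
        for host in ("www.yourdomain.com", "192.0.2.10"):
            print(f"{host:20} vs {subject:36} -> {check(host, subject)}")
```

The output shows that the new certificate removes the warning only for users who reach the site by its domain name; requests made to the bare IP address will now fail the name check instead.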

Formerly known as TID# 10072424