Novell Teaming 1.0
Novell Teaming 1.0 Support Pack 1
Novell Teaming 1.0 Support Pack 2
Novell Teaming 1.0 Support Pack 3
The certificates used by Vibe are stored in a ".keystore" file in the Vibe software directory. By default this file comes with a self-signed and expired certificate. This allows Vibe to use SSL/HTTPS out of the box but causes end users to get several warnings when accessing Vibe securely. This document covers the steps needed to replace the existing certificate with either third-party certificates or self-signed certificates: creating a new ".keystore" file in a temporary directory, generating a certificate signing request (CSR), requesting the new certificates, importing the new certificates into the new ".keystore" file, and then replacing the Vibe server's ".keystore" file.
Step One: Creating a new ".keystore" file
This new ".keystore" file can be created in any directory, logged in as any user, from a terminal prompt. It is best to create a dedicated directory for these files so they can easily be located later. In this TID the example directory is /home/admin/certs.
1. Open a terminal prompt window
2. Change to the certs directory: cd /home/admin/certs
3. Generate a new ".keystore" file:
keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore -keysize 2048
4. When prompted for a password, use "changeit" without the quotes
5. The next prompt is for First and Last name; use the full DNS name for the Vibe server (example: vibe.novell.com)
6. The next few prompts are for Organizational unit, Organization, City or locality, State or Province, and two-letter country code. You can enter whatever is wanted or nothing.
7. Enter yes on the prompt asking if the information is correct
8. At the prompt for the Key password just press Enter to keep the same password as the keystore (changeit).
9. There should now be a ".keystore" file in the certs directory. Note: the "." in front of the name makes it a hidden file; use the ls -al command to see it.
Note: If you are using a self-signed certificate, please skip to Step Five below. Also for self-signed certificates, you can create one with longer validity by using:
keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore -keysize 2048 -validity 730
This will create a certificate valid for two years (730 days).
Step Two: Generate a Certificate Signing Request (CSR)
The CSR file will be used to request a certificate from a third party authority.
1. From the same terminal prompt, in the same directory where the new ".keystore" file was created, issue the command:
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore .keystore
2. Enter the keystore password: should be "changeit"
3. There should now be a certreq.csr file in the directory. Use the ls -al command to view.
Step Three: Request Certificates from Third Party Certificate Authorities (CA)
There are a variety of Third Party Certificate Authorities that are available. Send the certreq.csr file to one of them. You may have to copy/paste its contents on their website. They should send back a set of certificates to import into the Vibe ".keystore" file. Those certificates should include the private certificate requested and any chain certificates needed to get back to the Certificate Authority. It is NECESSARY to import all of them. Sometimes Certificate Authorities do not send you the chain and root certificates and assume that you will download them from their website. Please check the installation instructions of your chosen certificate authority for 'Tomcat Servers' to determine where you can download these chain and root certificates from.
Step Four: Importing certificates into Vibe
In this section we will import the certificates acquired from the Certificate Authority into the new keystore created in Step One. Place these certificates in the /home/admin/certs directory next to the .keystore file. In this TID we are assuming that your Certificate Authority sent you three files:
a. root.crt: The CA root certificate
b. chain1.crt: The intermediate chain certificate of your CA
c. server.crt: Signed certificate for your Vibe server by the CA
1. Open a terminal prompt window
2. Change to the certs directory: cd certs
3. Import the third party root certificate:
keytool -import -alias root -keystore .keystore -trustcacerts -file root.crt
4. Import the third party chain certificates if any:
keytool -import -alias intermed -keystore .keystore -trustcacerts -file chain1.crt
5. Import the certificate for the Vibe server with the following command:
keytool -import -alias tomcat -keystore .keystore -trustcacerts -file server.crt
6. If prompted for a password, use "changeit" without the quotes
7. If successful, a comment of "Certificate reply was installed in keystore" will be displayed
At this point the new keystore file has been created and is ready to replace the Vibe server's default keystore file.
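A check worth running on the new keystore before the swap in Step Five, as an added example that is not part of the original TID: it reads `keytool -list -v` output and confirms that the tomcat alias still holds the private key and carries the expected chain (3 for the root.crt/chain1.crt/server.crt set above, 1 for a self-signed key). The function names, the sample listings and the CA names in them are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the TID: audit `keytool -list -v` output for the
# "tomcat" alias before the swap in Step Five. On a real keystore:
#   keytool -list -v -keystore .keystore | audit_listing 3

# audit_listing MIN_CHAIN (hypothetical helper): read a listing on stdin, print
# a verdict, return 0 only if tomcat is a private key with >= MIN_CHAIN certs.
audit_listing() {
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13); idx = "" }
        alias != "tomcat"             { next }
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { len = $4 }
        /^Certificate\[/              { idx = $0 }
        idx == "Certificate[1]:" && /^Owner: /  { owner = substr($0, 8) }
        idx == "Certificate[1]:" && /^Issuer: / { issuer = substr($0, 9) }
        END {
            if (type != "PrivateKeyEntry") { print "FAIL: tomcat has no private key"; exit 1 }
            if (len + 0 < want + 0) { print "FAIL: chain length " len ", need " want; exit 1 }
            kind = (owner == issuer) ? "self-signed" : "CA-signed"
            print "OK: " kind ", chain length " len
        }'
}

# Constructed, abridged listing: CA reply installed with chain1.crt and root.crt.
sample_ca_signed() { cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=vibe.novell.com
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
EOF
}

# Constructed listing: only Step One was run, so the key is still self-signed.
sample_self_signed() { printf '%s\n' 'Alias name: tomcat' 'Entry type: PrivateKeyEntry' \
    'Certificate chain length: 1' 'Certificate[1]:' 'Owner: CN=vibe.novell.com' \
    'Issuer: CN=vibe.novell.com'; }
```

A tomcat alias reported as trustedCertEntry means the signed certificate was imported into a keystore that does not contain the private key from Step One, and Tomcat cannot serve HTTPS from it.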
Step Five: Replacing the Keystore file and restarting Vibe
In this section you will back up the old keystore file and replace it with the newly created keystore file. Once this is done the Vibe server will need to be restarted for it to take effect.
1. Open a terminal prompt if not already there
2. Change to the certs directory if not already there
3. Verify the new keystore file exists
4. Should see a file named .keystore
5. Switch to the root user
6. Enter the root user's password when prompted
7. Change to the Vibe License directory. The default location will vary depending on the Vibe Version and Operating System.
For Teaming 1.x on Linux:
For Teaming 1.x on Windows:
For Teaming 2.x on Linux:
For Teaming 2.x on Windows:
cd c:\Program Files\Novell\Teaming\apache-tomcat-6.0.18\conf
For Vibe 3.x and Vibe 4.0.2 on Linux:
For Vibe 3.x on Windows:
cd c:\Program Files\Novell\Teaming\apache-tomcat\conf
8. Verify the old keystore file is present
9. Rename the old keystore file for backup purposes
mv .keystore keystorebackup
10. Verify this was done
11. Copy the new keystore to this directory
cp /home/admin/certs/.keystore ./ (there is a period before the slash)
12. Verify the new keystore file was copied
13. Note what user and group owns the other files in the directory (example: admin:users)
14. Note who owns the new .keystore file; it should be root:root
15. Change the ownership to the same user and group as the other files
chown admin:users .keystore
16. Verify this was done
17. Change the keystore file to executable
chmod 750 .keystore
18. Verify this was done
19. Restart Vibe
On Linux use the script commands:
/etc/init.d/icecore restart (for version 1.x)
/etc/init.d/teaming restart (for Teaming version 2.x and Vibe 3.x)
On Windows use the shutdown and startup batch files or restart the service.
At this point the Vibe server should now be using the new certificates for HTTPS. Log in to the Vibe server on the secure port. By default the secure port is 8443.