Updating iFolder SSL Certificates after Apache Certificates Have Changed

  • 7009638
  • 26-Oct-2011
  • 13-Oct-2015

Environment


Novell iFolder 3.7
Novell iFolder 3.8
Novell iFolder 3.9

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 1
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2

Situation

The iFolder product documentation does NOT explain how to update the SSL certificates within iFolder when a new SSL certificate is installed. The missing information is found here.

Resolution

The iFolder product documentation (Section D.5.1 of the iFolder Administration guide) explains most of the steps required to replace the SSL certificate after the Apache SSL certificate has changed, but it is not specific about how to update iFolder itself. The steps are outlined here, with the missing information added at step 7.

Unlike normal changes to the iFolder configuration files, where it is recommended to shut down Apache first, Apache MUST be up and running for this procedure. The steps are:

1. Create a backup of the original certificate from the Apache certificate store.
2. Ensure you have the valid new certificate to replace the original certificate.
3. If the names of the original and new certificates differ, edit the /etc/apache2/vhosts.d/vhost-ssl.conf file and replace the filename of the original certificate with that of the new certificate.
4. Create a backup of the /opt/novell/ifolder3/%lib/simias/admin/Web.config and /opt/novell/ifolder3/%lib/simias/webaccess/Web.config files. Here, %lib must be replaced by lib for 32-bit servers and lib64 for 64-bit servers.
5. Copy the new certificate to the Apache certificate store. The permissions assigned to the new certificate must be the same as the permissions on the original certificate.
6. Restart Apache.
7. Configure the iFolder Web Admin server and the Web Access server to import the new certificate keys in the admin Web.config file.

NOTE: To configure the iFolder Web Admin and iFolder Web Access servers to import the new SSL certificate keys, make sure that Apache IS running (see step 6), then run the /opt/novell/ifolder3/bin/ldap-cert-update, /opt/novell/ifolder3/bin/ifolder-admin-setup, and /opt/novell/ifolder3/bin/ifolder-web-setup scripts. When prompted to accept the new certificate, press Y and then Enter.

8. Restart Apache.
9. Log in to the Web Admin console and the Web Access console to verify that you can successfully view all the pages in both consoles.
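
Steps 1, 4 and 5 above, written as shell functions (an added example, not part of the original document or of Novell's tooling). The certificate paths are passed as arguments because the page does not name the Apache certificate store, `IFOLDER_ROOT` is a hypothetical override for rehearsing on a copy, and `stat -c` is assumed to be available.

```bash
#!/bin/bash
# Added example: steps 1, 4 and 5 of the procedure as reusable functions.
# Assumption: certificate paths are arguments, since the page does not name them.
IFOLDER_ROOT="${IFOLDER_ROOT:-/opt/novell/ifolder3}"  # hypothetical override for dry runs

# Resolve the %lib placeholder: lib64 on 64-bit servers, lib on 32-bit servers.
simias_dir() {
    local d
    for d in lib64 lib; do
        if [ -d "$IFOLDER_ROOT/$d/simias" ]; then
            printf '%s\n' "$IFOLDER_ROOT/$d/simias"
            return 0
        fi
    done
    echo "no simias directory under $IFOLDER_ROOT" >&2
    return 1
}

# Copy a file beside itself with a timestamp suffix, keeping mode and owner.
backup_file() {
    local src=$1 dst
    dst="$src.bak.$(date +%Y%m%d%H%M%S)"
    cp -p -- "$src" "$dst" && printf '%s\n' "$dst"
}

# Step 4: back up the admin and webaccess Web.config files.
backup_web_configs() {
    local base
    base=$(simias_dir) || return 1
    backup_file "$base/admin/Web.config" && backup_file "$base/webaccess/Web.config"
}

# Steps 1 and 5: back up the original certificate, then put the new one in
# place with the original's owner, group and mode. $3 is the destination and
# defaults to the original's path (same file name, so step 3 is not needed).
install_cert() {
    local orig=$1 new=$2 dest=${3:-$1} tmp
    [ -f "$orig" ] && [ -s "$new" ] || { echo "missing certificate file" >&2; return 1; }
    backup_file "$orig" >/dev/null || return 1
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    cp -- "$new" "$tmp" &&
        chown "$(stat -c '%u:%g' "$orig")" "$tmp" &&
        chmod "$(stat -c '%a' "$orig")" "$tmp" &&
        mv -f -- "$tmp" "$dest" || { rm -f -- "$tmp"; return 1; }
}
```

Source the file as root and call `backup_web_configs` and `install_cert` before step 6; the Apache restarts and the setup scripts in steps 6 to 8 remain manual.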

Additional Information

In OES 11, the /opt/novell/ifolder3/bin/ldap-cert-update script is currently broken. Development is working to get this fixed. In the meantime, use the following process to update the certificates used by iFolder:

1. Back up the iFolder datastore.
2. Reconfigure iFolder by running the /opt/novell/ifolder/bin/simias-server-setup script. Use the same configuration that is currently being used. Do not change anything. This will cause the new certificate to be imported.
3. Reconfigure the /opt/novell/ifolder/bin/ifolder-admin-setup and the /opt/novell/ifolder/bin/ifolder-web-setup in the iFolder console.