How to renew server certificates with iPrint Appliance 1.x, 2.x, 3.x

  • 7016720
  • 30-Jul-2015
  • 16-Jan-2019

Environment

Micro Focus iPrint Appliance 3.x
Novell iPrint Appliance 2.x
Novell iPrint Appliance 1.x

Situation

iPrint Appliance 3.x, 2.x, or 1.x services cannot be managed using iManager because the server certificates have expired. Certificates expire 2 years after the installation of the Appliance server.

Resolution

iPrint Appliance 3.x

While logged into a terminal session as root, run the following command:

chmod +x /opt/novell/iprintmobile/bin/certman.sh;/opt/novell/iprintmobile/bin/certman.sh -t edir -r

If the above commands don't resolve the problem, then run the following string of commands:

rcndsd restart;/opt/novell/iprintmobile/bin/certman.sh -t edir -r

iPrint Appliance 2.x

While logged into a terminal session as root, run the following command:

sh certman.sh -t edir -r

If the above commands don't resolve the problem, then run the following string of commands:

rcndsd restart;sh certman.sh -t edir -r

iPrint Appliance 1.x

  1. Install the certificate management plugin on the Appliance.
    • Copy/paste the following string of commands into a terminal session of the Appliance:
      • rm /var/opt/novell/iManager/nps/WEB-INF/configiman.properties;cd /opt/novell/eDirectory/bin;. /opt/novell/eDirectory/bin/ndspath;echo admin.iPrintAppliance.`ndsstat | grep "Tree Name" | awk '{print $NF}'`=eDirectory > /var/opt/novell/iManager/nps/WEB-INF/configiman.properties;rcnovell-tomcat6 stop
    • Open the following file:
      • /var/opt/novell/iManager/nps/WEB-INF/config.xml
      • Do a FIND for ShouldModuleDownload
        • Change false to true
      • Restart Novell Tomcat:
        • rcnovell-tomcat6 start
    • Download the version of NetIQ Certificate Server Plug-in compatible with the iPrint Appliance version 1.1 from here.
    • Go to iManager -> Configure (one of the blue buttons along the top) -> Plugin installation -> Available Novell Plugin modules -> click the "Add" link (upper right)  -> "Browse" -> select the downloaded pki.npm -> and OK.
    • Select 'NetIQ Certificate Server Plug-ins for iManager' and click the "Install" link.
    • Restart Novell Tomcat:
      • rcnovell-tomcat6 restart
  2. Enable Self-provisioning:
    • iManager -> NetIQ Certificate Server -> Configure Certificate Authority
      • Enable the check box for the following:
      • Enable server self-provisioning
      • Health Check - Force default certificate creation/update on CA change
    • Click OK.
  3. Clear up cert databases and restart eDirectory server
    • Copy/paste the following string of commands into a terminal session:
      • cd /var/opt/novell/eDirectory/data/dib/;mv cert.01 certorig.01;mv cert.db certorig.db;mv cert.lck certorig.lck;mv cert.rfl certorig.rfl;mv crl.rfl crlorig.rfl;mv crl.01 crlorig.01;mv crl.db crlorig.db;mv crl.lck crlorig.lck;rm -rf cert.01;rm -rf cert.db;rm -rf cert.lck;rm -rf cert.rfl;rm -rf crl.rfl;rm -rf crl.lck;rm -rf crl.01;rm -rf crl.db;rcndsd restart
  4. Refresh the eDirectory certificate objects
      • SAS Service Object
        • In iManager, go to Novell Certificate Access -> SAS Service Object
        • Delete the SAS Service Object.
      • Delete the eDirectory certificates
        • In iManager, go to Novell Certificate Access -> Server Certificates
        • Select all the certificate objects and choose delete.
      • Instruct eDirectory to recreate those deleted objects
        • Within a terminal session, type:  ndsconfig upgrade
  5. Export newly created certs to server directories:
    • iManager -> NetIQ Certificate Access -> Server Certificates -> check the box for "SSL CertificateDNS" -> Export
      • Choose the drop down box for "Certificates:" and select "SSL CertificateDNS"
      • Type a password which you need to remember for a few minutes (type it twice)
      • Next
      • Click the "Save the exported certificate." link
    • Copy the saved cert.pfx to the Appliance server's /tmp directory
    • Copy/paste the following string of commands into a terminal session:
      • wget -P /tmp https://www.novell.com/communities/media/certificate-creation-3.1.tbz;cd /tmp;tar -xjvf certificate-creation-3.1.tbz;./certificate-creation-3.1.sh -f /tmp/cert.pfx -l -r;rcnovell-ipsmd restart
    • When prompted for the admin user name, provide:
      • admin.iPrintAppliance
        • Provide the admin password when prompted
    • When prompted, provide the password chosen during the export (the one you needed to remember for a few minutes in the step above).

For the iPrint Appliance 1.1, you may also follow this video for a step-by-step walkthrough of the process.
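
To confirm that an expired certificate is the cause before running the steps above, and that the renewal took effect afterwards, the validity window can be checked with the openssl command line. This is an added example, not part of the TID or of certman.sh; the function names are hypothetical, and the host and port of the listener to check are supplied by the operator because this page does not state them.

```sh
#!/bin/sh
# Added example: check a certificate's validity window with the openssl CLI.
# Function names are hypothetical; nothing here comes from certman.sh.

# fetch_server_cert HOST PORT OUT_PEM
# Saves the certificate a TLS listener presents. HOST and PORT are chosen by
# the operator (assumption: the page does not say which port iManager uses).
fetch_server_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# cert_status PEM_FILE [WARN_DAYS]
# Prints "ok", "expiring" (expires within WARN_DAYS, default 30), "expired"
# or "unreadable". Returns 0 only for "ok".
cert_status() {
    cert=$1
    warn_days=${2:-30}
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "unreadable"; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "expired"; return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null; then
        echo "expiring"; return 1
    fi
    echo "ok"
}

# cert_dates PEM_FILE: print subject, notBefore and notAfter for the record.
cert_dates() {
    openssl x509 -in "$1" -noout -subject -startdate -enddate
}

# make_sample_cert OUT_PEM DAYS
# Constructed test input: a throwaway self-signed certificate valid for DAYS.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=constructed.example" 2>/dev/null &&
        rm -f "$1.key"
}
```

Run fetch_server_cert and cert_status against the Appliance before the renewal and again once the renewal commands finish; the second run should print ok, and cert_dates should show a new notAfter.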

Additional Information

For the iPrint Appliance 1.1, as an alternative to following the steps listed within the Resolution steps of this TID, you can copy the following string of commands and paste them into a terminal session to download and execute a script which will automate some of the steps for you.

wget -P /tmp https://www.novell.com/communities/coolsolutions/wp-content/uploads/sites/2/2016/05/cert-renew.zip;cd /tmp;unzip cert-renew.zip;/tmp/cert-renew.sh

Note: If the server is version 1.1, there is an important additional step which you must take and which is not documented in the script. After running the script, it asks you to install the "NetIQ Certificate Server Plug-ins for iManager". The version listed in the "Available Plug-ins" list is not compatible with the version of iManager which ships with the iPrint Appliance 1.1. You must:
  1. Download the "NetIQ Certificate Server Plug-ins for iManager" (pki.npm) from here.
  2. Go to iManager -> Configure (one of the blue buttons along the top) -> Plugin installation -> Available Novell Plugin modules -> Click the "Add" link (top right) -> "Browse" -> select the downloaded pki.npm -> and OK.
  3. Check the box for "NetIQ Certificate Server Plug-ins for iManager" and click the "Install" link.
  4. Wait for the plug-in to install.
  5. Hit ENTER within the script session to progress to the next step.
  6. Continue following the steps within the script.
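
Both wget one-liners on this page (step 5 of the 1.x procedure and the cert-renew.zip line above) download an archive into /tmp and run its script as root in a single paste. The following added example, which is not part of the TID or of the vendor's scripts, separates the download from the execution so that the archive can be hashed and its member list checked first; the function names and the mktemp staging directory are assumptions of this example.

```sh
#!/bin/sh
# Added example: stage and inspect a helper archive before running it as root.
# Function names are hypothetical; the page publishes no checksum to compare
# against, so the SHA-256 is printed for the change record only.

# unsafe_members: reads archive member names on stdin and prints those that
# are absolute or contain a ".." path component. Returns 1 if any were found.
unsafe_members() {
    bad=$(grep -E '^/|(^|/)\.\.(/|$)' || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
}

# list_members ARCHIVE: member names of a .zip or a tar archive, one per line.
list_members() {
    case $1 in
        *.zip) unzip -Z1 "$1" ;;
        *)     tar -tf "$1" ;;
    esac
}

# stage URL: download into a new directory that only the current user can
# access, print the hash and member list, and stop before extracting anything.
stage() {
    dir=$(mktemp -d) || return 1
    wget -q -P "$dir" "$1" || return 1
    file=$dir/${1##*/}
    sha256sum "$file"
    list_members "$file" | tee "$dir/members.txt"
    unsafe_members <"$dir/members.txt" >/dev/null || {
        echo "refusing: archive has unsafe member names" >&2
        return 1
    }
    echo "staged in $dir; extract there and read the script before running it"
}
```

Call stage with one of the URLs from this page; because the download lands in a freshly created directory, a file of the same name already sitting in /tmp cannot be picked up in its place.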