How to export the eDirectory certificate and import it into OpenSSL for iFolder

  • 7022648
  • 08-Feb-2018
  • 08-Feb-2018

Environment

Novell OES for Linux
iFolder 2.1.6
Apache 2

Situation

Export the eDirectory certificate and import it into OpenSSL. Configure the iFolder instance of Apache to use the imported certificate.

Resolution

1. Open ConsoleOne and select the "Key Material Object" (KMO) that the LDAP server is using.

2. Right-click this object and select PROPERTIES, then select the tab labeled "Certificates" and then select the EXPORT button.

3. When prompted on whether to export the private key select "YES".

4. Enter the filename and location, for example c:\LDAPcert.pfx.

5. You will be required to input a password to protect the private key. Make sure to note the password used in this step; it will be required during the import process into OpenSSL.

6. Copy the *.pfx file to your Linux server. From the Linux server, type openssl at the console, then <enter>. The OpenSSL application is now running and the console prompt will look like this:

OpenSSL>

7. Extract the private key:

pkcs12 -in LDAPcert.pfx -nocerts -out key.pem

Enter the password chosen during the export and then choose a passphrase as well.

8. Extract the public key certificate:

pkcs12 -in LDAPcert.pfx -clcerts -nokeys -out ifcert.pem

9. Remove the passphrase from the private key:

rsa -in key.pem -out ifkey.pem

10. Copy ifcert.pem and ifkey.pem to the default Apache certificate directory: /etc/ssl/servercerts

11. The final step is to point iFolder's Apache config file to the new certificate files. Edit the /etc/opt/novell/ifolder/conf/httpd.conf file and change the SSLCertificateFile and SSLCertificateKeyFile directives to point to the new certs. Here is what they should look like:

SSLCertificateFile /etc/ssl/servercerts/ifcert.pem

SSLCertificateKeyFile /etc/ssl/servercerts/ifkey.pem

Now restart iFolder and log in to the iFolder Admin tool to create the iFolder objects.
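
Steps 7 through 10 can also be run without the interactive OpenSSL> prompt. The script below is an added example, not part of the original TID: it also checks that the extracted key matches the certificate and restricts the unencrypted key file to its owner. The function names and the PFX_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original TID): steps 7-10 without prompts.
# Assumptions: the export password is in the PFX_PASS environment variable;
# all function names are hypothetical.

# Compare the public key derived from the key file with the one in the cert.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$kpub" = "$cpub" ]
}

# convert_pfx <pfx-file> <output-dir>: writes ifcert.pem and ifkey.pem.
# The body runs in a subshell so the umask change does not leak to the caller.
convert_pfx() (
    pfx=$1; outdir=$2
    umask 077                        # files created below are owner-only
    tmpkey=$(mktemp) || exit 1
    rc=0
    {   # Step 7: private key, still passphrase-protected (reuses PFX_PASS)
        openssl pkcs12 -in "$pfx" -nocerts -out "$tmpkey" \
            -passin env:PFX_PASS -passout env:PFX_PASS &&
        # Step 8: server certificate only, no keys
        openssl pkcs12 -in "$pfx" -clcerts -nokeys \
            -out "$outdir/ifcert.pem" -passin env:PFX_PASS &&
        # Step 9: strip the passphrase so Apache can start unattended
        openssl rsa -in "$tmpkey" -out "$outdir/ifkey.pem" -passin env:PFX_PASS
    } || rc=$?
    rm -f "$tmpkey"                  # never leave the intermediate key behind
    [ "$rc" -eq 0 ] || exit "$rc"
    chmod 600 "$outdir/ifkey.pem"    # unencrypted key: owner read/write only
    chmod 644 "$outdir/ifcert.pem"   # certificate is public
    key_matches_cert "$outdir/ifkey.pem" "$outdir/ifcert.pem"
)

# Constructed sample input: a throwaway self-signed PFX for a dry run.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ifolder.example.test" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -out "$1/LDAPcert.pfx" -passout env:PFX_PASS
}
```

With PFX_PASS exported, call it as `convert_pfx LDAPcert.pfx /etc/ssl/servercerts`. A non-zero return means the password was wrong, the conversion failed, or the key and certificate do not match.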

Additional Information

Formerly known as TID# 10098796
Formerly known as TID# NOVL103315
