SUSE/SLES/Yast Common Server Cert

From MicroFocusInternationalWiki
Revision as of 22:03, 8 November 2016 by Kgroneman (Talk | contribs)



If you want to replace the YaST Common Server Certificate with one signed by Novell eDirectory, follow these steps:

1. On the SLES server, create the signing request without setting a password on it:

# openssl rand -out /tmp/random.txt 1024
# openssl genrsa -out server.key -rand /tmp/random.txt 1024
# openssl req -new -key server.key -out server.csr

2. Next, use iManager to issue a certificate from the signing request server.csr and export the certificate in base64 encoding.

3. Now export the public key of the eDirectory CA in base64 format.

4. Next, create a new cert.pem file containing the following:

... this is the block from the eDirectory CA public key ...

... this is the server certificate signed by the eDirectory ...

... this is the content of the server.key ...

5. Now use openssl to create the PKCS#12 file:

# openssl pkcs12 -export -in cert.pem -out cert.p12

6. Now start YaST, go to Security and Users / Common Server Certificate, and import the new PKCS#12 file cert.p12. That completes the change.

One side note: After the first tests I always got the message in YaST that the certificate was imported, but the screen didn't show it. In /var/log/YaST2/y2log I found the error "... invalid serial number ...". That serial number is from the eDirectory CA and I found no way to change it there. I think it was simply too long. I used a different eDirectory to sign it and then it worked.
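
A pre-import check for the files from steps 1 to 3, added here as an example and not part of the original wiki page: it confirms that server.key is unencrypted, that the signed certificate matches it and verifies against the exported CA certificate, and reports the CA serial length for comparison with the y2log error from the side note. The function names and the 2048-bit warning threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks to run on the
# PEM files from steps 1-3 before building cert.p12 in step 5.
# Pass the files under whatever names you saved them (assumption).

# Number of hex digits in a certificate's serial number.
serial_hex_len() {
    s=$(openssl x509 -in "$1" -noout -serial 2>/dev/null) || return 1
    s=${s#serial=}
    echo "${#s}"
}

# Size in bits of the RSA public key inside a certificate.
key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_bundle CA_CERT SERVER_CERT SERVER_KEY -> 0 if consistent, 1 if not.
check_bundle() {
    ca=$1 crt=$2 key=$3
    # Step 1 requires a key without a password; the empty -passin makes an
    # encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    [ -n "$key_pub" ] || { echo "FAIL: key unreadable or encrypted"; return 1; }
    # The certificate must carry the public half of server.key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ "$crt_pub" = "$key_pub" ] || { echo "FAIL: cert does not match key"; return 1; }
    # The certificate must verify against the exported CA certificate.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' ||
        { echo "FAIL: cert not issued by this CA"; return 1; }
    # Reported for comparison with an "invalid serial number" line in y2log.
    echo "CA serial: $(serial_hex_len "$ca") hex digits"
    bits=$(key_bits "$crt")
    [ "${bits:-0}" -ge 2048 ] || echo "WARN: ${bits:-unknown}-bit key; use 2048 or more"
    echo "OK"
}
```

Source the file and run `check_bundle ca.pem server.crt server.key` (file names assumed); a key generated with the 1024-bit command from step 1 passes the consistency checks but triggers the WARN line.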