license:
GPLv2
The Certificate Re-creation script recreates the certificates on OES1, OES2, and OES 11 servers using a Personal Information Exchange File. With an additional parameter it will also restart all the necessary services. The following information is obtained in the script execution process.
Platforms Supported:
32 and 64 bit OES1, OES2, and OES 11 are currently supported.
Script Process:
- (Only executes when the -c switch is used) Prechecks are done to verify if the current certificates are good.
- The following files are backed up with the date and time appended.
  /etc/ssl/servercerts/servercert.pem
  /etc/ssl/servercerts/serverkey.pem
  /var/lib/novell-lum/x.x.x.x.der
  /etc/opt/novell/SSCert.pem //OES1
  /etc/opt/novell/certs/SSCert.pem //OES2 and OES 11
- Creation of new Certificates
  /etc/ssl/servercerts/serverkey.pem
  /etc/ssl/servercerts/servercert.pem
  /etc/opt/novell/SSCert.pem //OES1
  /etc/opt/novell/SSCert.der //OES1
  /etc/opt/novell/certs/SSCert.pem //OES2 and OES 11
  /etc/opt/novell/certs/SSCert.der //OES2 and OES 11
  /var/lib/novell-lum/x.x.x.x.der
- (Only executes when the -c switch is used) Postchecks are done to verify if the new certificates are good.
- Reloads services (optional but recommended)
  owcimomd (only in OES1 and OES2)
  nldap
  namcd
  apache2
Installation Instructions for Version 3:
- Download certificate-creation-3.1.tbz
- Open a Terminal window and type “su”
- Enter root’s password
- Extract the script from the tarball
  #tar -xjvf certificate-creation-3.1.tbz
- Make the script executable.
  #chmod 755 certificate-creation.sh
- Delete current eDirectory certificates.
  - In iManager, go to Novell Certificate Access -> Server Certificates.
  - Select the server you plan on recreating the certificates on (looks like a magnifying glass).
  - Select all certificates in the list and click delete.
- Delete the SAS Service Object.
  - In iManager, go to Novell Certificate Access -> SAS Service Object.
  - Select the server you plan on deleting the SAS Service object on (looks like a magnifying glass).
  - Check the box next to the SAS Service object and click delete.
- Go to the terminal opened in step #2 and type "ndsconfig upgrade". This will create new eDirectory certificates for this server.
- Export the Personal Information Exchange File using iManager.
  - In iManager, go to Directory Administration -> Modify Object.
  - Select the SSL CertificateDNS - YourServerName certificate object, which by default is in the same eDirectory context as your server object, and click OK.
  - Go to the Certificates tab of the certificate object and click Validate. It should come back as Valid.
  - Select Export.
  - Select "Export private key" and "Include all certificates in the certification path if available."
  - Assign the private key a password. This will be used to protect the private key while it is being transferred. This password will be removed in a future step.
  - Save the resulting pkcs12 file (Personal Information Exchange format) to a secure location on your server. The default file name is cert.pfx.
- Run the certificate-creation.sh script
  #./certificate-creation-3.1.sh -f /directory/fileName.pfx -l -r
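The pre- and postchecks listed under Script Process verify that the certificates are good. As an added example (not code from certificate-creation.sh), the shell function below is one way to check a pair such as /etc/ssl/servercerts/servercert.pem and serverkey.pem by hand. The function name, the return codes and the definition of "good" used here (RSA key, unexpired certificate, key matches certificate, key file not accessible to group or others) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of certificate-creation.sh.
# check_cert_pair CERT KEY [SECONDS]  (name and return codes are this example's own)
#   0  pair is good
#   1  a file is missing, unreadable, or not a parsable PEM cert / RSA key
#   2  certificate is expired, or expires within SECONDS (default 0)
#   3  private key does not belong to the certificate
#   4  key file is accessible to group or others
check_cert_pair() {
    cert=$1; key=$2; window=${3:-0}

    [ -r "$cert" ] && [ -r "$key" ] || return 1

    # Public key as stored in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1

    # Public key derived from the private key. "-passin pass:" makes an
    # encrypted key fail here instead of prompting on the terminal.
    key_pub=$(openssl rsa -in "$key" -pubout -passin pass: 2>/dev/null) || return 1

    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1 || return 2

    # The two PEM blocks are identical only if the key matches the certificate.
    [ "$cert_pub" = "$key_pub" ] || return 3

    # The key is stored without a passphrase, so the file mode is its only
    # protection: characters 5-10 of the ls mode string are group and other.
    [ "$(ls -ldL "$key" | cut -c5-10)" = "------" ] || return 4

    return 0
}

# Usage on an OES server (paths from the list above; 2592000 s = 30 days):
#   check_cert_pair /etc/ssl/servercerts/servercert.pem \
#                   /etc/ssl/servercerts/serverkey.pem 2592000 ; echo $?
```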
Fixes and Enhancements:
- Version 1.1
  - The script will now check if you are root
  - OES2 x86_64 is now supported
  - A relative path to the .pfx file can now be used.
- Version 2.0
  - This script will now do pre and post checks to see if the certificates are good or bad
  - Color was also added for easier reading
- Version 3.0
  - No longer displays the password when the ldap search throws an error
- Version 3.1
  - The Pre and Post checks are now optional. They only execute when the -c switch is used.
  - The script no longer tries to restart owcimomd in OES 11. owcimomd is no longer used in OES 11.
Note: Using -h will display other parameter options if desired.
Attachment | Size |
---|---|
certificate-creation-3.1.tbz | 5.07 KB |