Installing your SSL Server Certificate - Microsoft Novell i-chain

You will receive an email from the Registration Authority when your certificate request has been approved that contains a link to a location where your certificate may be obtained.  Clicking on this link will bring up a browser window that contains the details of your issued certificate and includes a section that looks something like the following:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy everything you see between and including the lines that look like
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----

and paste it into an appropriately named text file e.g. myserver.cert

  1. Download the PEM format Bundled CA certificate file (full CA chain)
  2. Open ConsoleOne and open the ICS container for the iChain server.

    Installing your Certificate on Novell I-Chain

  3. Open the certificate.
  4. Select the 'Certificates' tab and press the "Import" button.

    Installing your Certificate on Novell I-Chain

  5. Click 'Read from file' and browse to the PEM format Bundled CA certificate file (full CA chain) downloaded previously.
    Press 'Next'.
  6. Click 'Read from file' and browse to the new server certificate file created earlier (e.g. myserver.cert) or paste it's contents into the window supplied.
  7. Click 'Finish' to install the certificate.

You may get an error stating that the subject in the certificate does not match the subject in the object (CSR).  This may be due to additional OUs in the certificate.   Accept the certificate anyway.  If a validation is attempted on the certificate in ConsoleOne it will produce an error stating 'Unable to validate the certificate chain to a root certificate'.

  1. On the iChain server click 'Apply'.
    The certificate will be installed but will display an error stating '-1240 Certificate failed parsing - may need external certificate'.
  2. Open the accelerator for the web site.  The 'Certificate' drop down item in the Secure Exchange portion will now have the certificate available.  Select the new certificate, click OK and then press 'Apply'.

When the Management display is refreshed the website will be secured with the new certificate.

Copyright © Trustis Limited 2010.  All Rights Reserved
This document is licensed for use only in conjunction with the use of Trustis Trust Services