Importing an SSL wildcard certificate into eDirectory
I found getting a wildcard SSL certificate like *.your_domain_name.com imported into eDir and used by multiple servers a bit challenging, so when I finally got it to work (with the help of my boss), I decided to record our steps. Below are the steps we took to successfully import and use a wildcard SSL certificate for Apache, iManager, NetStorage, and Remote Manager.
Part A: Make a PEM file
1) Create a PEM file (a text file with the .pem extension). Paste the contents of each of the following files into it, in this order: ca-bundle.crt, StarfieldTech-Chain.crt, Your-SSL.key, Your-Star.crt
Note: This creates one large text file (in this case, SOMETHING.pem), with four of these: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
Part B: Running openssl on the pem file
1) Find a Linux machine, and run this command on your SOMETHING.pem:
openssl pkcs12 -clcerts -export -in SOMETHING.pem -out SOMETHING.pfx
Note: You'll be prompted to give it a password, which you'll need when importing the certificate into eDirectory.
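The following script is an added example, not part of the original write-up. It runs Parts A and B non-interactively against a throwaway CA and a *.example.test certificate generated on the spot (constructed stand-ins for the real files, with one CA certificate standing in for ca-bundle.crt and StarfieldTech-Chain.crt), checks that the key belongs to the certificate before exporting, and reads the .pfx back. The PFX_PASS variable and the function names are assumptions of the example.

```shell
#!/bin/sh
set -eu
umask 077    # SOMETHING.pem and SOMETHING.pfx both contain the private key

# Constructed test material: a throwaway CA and a wildcard cert it signs.
make_test_material() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" -keyout ca.key -out ca-bundle.crt 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout Your-SSL.key -out star.csr 2>/dev/null
    openssl x509 -req -in star.csr -CA ca-bundle.crt -CAkey ca.key \
        -CAcreateserial -days 1 -out Your-Star.crt 2>/dev/null
}

# Part A: concatenate in the page's order (chain, key, wildcard certificate).
build_pem() {
    cat ca-bundle.crt Your-SSL.key Your-Star.crt > SOMETHING.pem
}

# Pre-flight: succeed only if key $1 is the private half of certificate $2.
key_matches_cert() {
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = "$(openssl pkey -in "$1" -pubout)" ]
}

# Part B: the page's command, with the password taken from the environment
# instead of the interactive prompt.
export_pfx() {
    openssl pkcs12 -clcerts -export -in SOMETHING.pem -out SOMETHING.pfx \
        -passout env:PFX_PASS 2>/dev/null
}

# Read the .pfx back and count the certificates it carries.
pfx_cert_count() {
    openssl pkcs12 -in SOMETHING.pfx -nokeys -passin env:PFX_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

WORK=$(mktemp -d); cd "$WORK"
export PFX_PASS='constructed-test-password'   # constructed value
make_test_material
build_pem
key_matches_cert Your-SSL.key Your-Star.crt ||
    { echo "key does not match certificate" >&2; exit 1; }
export_pfx
echo "certificates in SOMETHING.pfx: $(pfx_cert_count)"
```

With the real files, skip make_test_material and add StarfieldTech-Chain.crt to the cat line in the order given in Part A.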
Part C: Importing pfx file into eDirectory
1) Launch ConsoleOne, and create an object called key material.
Note: Remember to create this object in the same container as your server.
2) After you give the object a name, you'll be given the "import" option.
3) Click "Read File", and browse to the pfx file created in Part B.
4) Enter the password used when creating the pfx file.
Part D: Applying certs to both instances of Apache (Remote Manager and iManager)
1) Applying to iManager: Edit \\servername\sys\Apache2\conf\httpd.conf, and make the SecureListen line use your certificate, like this:
SecureListen 443 "cert_name_you_created"
2) Applying to Remote Manager: At the server console, go to nwconfig -> NCF FILES -> EDIT AUTOEXEC.NCF. Change the line in this file to use your certificate, like so:
load httpstk.nlm /SSL /keyfile:"cert_name_you_created"