NW 65 and DigiCert

We have a NW 6.5 SP8 server that we need to updated the SSL Cert on. I have generated the CSR request and received the SSL Cert from DigiCert. I imported the the info into the object that I created for the CSR request. Everything is validfor the Trusted Root and Public Key certificates.

However when I use the SSL Cert checker from DigiCert I get the following error messages:


SSL Certificate is expired.

The certificate was valid from 12/18/2008 through 12/18/2009.

It is also showing the wrong serial number for the cert.


SSL Certificate is not trusted

The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.

I have modified the nwconfig file to use the new SSL cert as well as the conf files for Apache.

Does NW 6.5 work with wilcard certs?

Thanks,
Nancy
Parents
  • There are some NDS objects for expired certs still in the same container as the new cert. Would that be causing any problems?
  • N kerr,
    > There are some NDS objects for expired certs still in the same container
    > as the new cert. Would that be causing any problems?


    No, as long as you have the correct certificate specified in the listen
    statememt of httpd.conf. Just for laughs, try changing the name there to
    something invalid, add a char or so, unload apache, load apache. In this
    case Apache should not load and an error should be written into
    startup.err

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    http://www.novell.com/rms

  • Apache did not load when I added an extra character to cert name. When I type in https://web site I get the following error message.

    There is a problem with this website's security certificate.


    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
    We recommend that you close this webpage and do not continue to this website.
    Click here to close this webpage.
    Continue to this website (not recommended).
    More information


    If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
    When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.

    For more information, see "Certificate Errors" in Internet Explorer Help.

    According to Didicert the SSL cert on the server is still expired and is not trusted.
  • Apache did not load when I added an extra character to cert name. When I type in https://web site I get the following error message.

    There is a problem with this website's security certificate.


    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
    We recommend that you close this webpage and do not continue to this website.
    Click here to close this webpage.
    Continue to this website (not recommended).
    More information


    If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
    When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.

    For more information, see "Certificate Errors" in Internet Explorer Help.

    According to Didicert the SSL cert on the server is still expired and is not trusted.
  • N kerr,
    > Apache did not load when I added an extra character to cert name. When
    > I type in https://web site I get the following error message.


    OK. Then we have something. If you look at that cert in ConsoleOne, or
    iManager, what dates do you see? Ie the same old dates or the
    certificate's new dates?

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    http://www.novell.com/rms

  • When I view the info for the object in NDS I see the correct dates (what it should be for the Digicert).
  • N kerr,
    > When I view the info for the object in NDS I see the correct dates (what
    > it should be for the Digicert).


    And that certificate is assigned to the server where apache runs? What
    does your listen statement look like in httpd.conf?

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    http://www.novell.com/rms

Reply Children
No Data