marklar23 Absent Member.
Absent Member.
2524 views

Common Server Certificate Resets

I've recently run into a certificate issue with my existing iPrint server which prompted me to speed things up an build a new iPrint server in a virtual environment. Since the reason prompting me to do this was because of an expired certificate and lost CA password, I'm a little sensitive to certificate issues right now.

After building my SLES 10 SP3, OES2 SP3 VM, I immediately went into my CA Management utility to create a self signed cert for something much longer than the default 2 years. From the CA Management utility I had also exported the cert as the Common Server Certificate. I've noticed that whenever I restart the server while testing, when the server comes back up the Common Server Certificate is back to the one that expires in 2 years. I've also exported the certificate and imported it directly through the Common Server Certificate utility in YaST, but again after restarting the server it resets to the original cert.

Does anyone know of a way to make the 5 year self signed cert stay after restarting? I would consider getting a signed certificate but currently only have a wildcard cert which after much trouble found that many Novell Linux products don't get along well with wildcard certs, so I'd rather stick with self signed at this time. Thanks!
Labels (2)
0 Likes
3 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Common Server Certificate Resets

marklar23;2090000 wrote:
I've recently run into a certificate issue with my existing iPrint server which prompted me to speed things up an build a new iPrint server in a virtual environment. Since the reason prompting me to do this was because of an expired certificate and lost CA password, I'm a little sensitive to certificate issues right now.

After building my SLES 10 SP3, OES2 SP3 VM, I immediately went into my CA Management utility to create a self signed cert for something much longer than the default 2 years. From the CA Management utility I had also exported the cert as the Common Server Certificate. I've noticed that whenever I restart the server while testing, when the server comes back up the Common Server Certificate is back to the one that expires in 2 years. I've also exported the certificate and imported it directly through the Common Server Certificate utility in YaST, but again after restarting the server it resets to the original cert.

Does anyone know of a way to make the 5 year self signed cert stay after restarting? I would consider getting a signed certificate but currently only have a wildcard cert which after much trouble found that many Novell Linux products don't get along well with wildcard certs, so I'd rather stick with self signed at this time. Thanks!


During the installation of this new server did you de-select "Use eDirectory Certificates for HTTPS Services", by default eDirectory certs are used instead of the "YaST certificates"?

Thomas
0 Likes
marklar23 Absent Member.
Absent Member.

Re: Common Server Certificate Resets

Probably not since, as you phrased it, it needed to be de-selected. Is there any way to change it at this point?
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Common Server Certificate Resets

marklar23;2090373 wrote:
Probably not since, as you phrased it, it needed to be de-selected. Is there any way to change it at this point?


Don't know, but you can recreate/renew these eDirectory certificates using iManager, here is a TID about it:

SSL Certificates expire after two years, affecting OES services

Thomas
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.