Anonymous_User Absent Member.
Absent Member.
3455 views

Create new SSL Certificate

My SSL Cert has expired and I am getting "this certificate has expired or is
not yet valid" when I try to access NRM.

I tried using PKIDIAG to fix the problems, and it said if found 3 problems,
fixed two, and said 0 unfixable problems. If I run it again it says no
problems exist, however the exp date on the cert is still 6/15/08

Can I change this, or do I need to create a new one?

Mike
Labels (2)
0 Likes
11 Replies
Knowledge Partner
Knowledge Partner

Re: Create new SSL Certificate

Mike Snyder,
> Can I change this, or do I need to create a new one?
>

Is this the default certificate, ie SSLCertificateIP/DNS or one that
you created yourself?

- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)

Discover the new Novell forums at http://forums.novell.com

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Create new SSL Certificate

Default
0 Likes
Knowledge Partner
Knowledge Partner

Re: Create new SSL Certificate

Mike Snyder,
> Default
>

Odd. PKIDIAG has always worked for me. Does apache and httpsk load now
after you have run PKIDIAG?

- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)

Discover the new Novell forums at http://forums.novell.com

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Create new SSL Certificate

Yes, far as I know. I haven't restarted the server after I ran PKIDIAG.
But WebAccess is still working/running.

Do I need to change anything on 5 or 6 when running it in Fix mode?
0 Likes
Knowledge Partner
Knowledge Partner

Re: Create new SSL Certificate

Mike Snyder,
> Do I need to change anything on 5 or 6 when running it in Fix mode?
>

In PKIDIAG? I generally just select fixing mode and run.

- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)

Discover the new Novell forums at http://forums.novell.com

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Create new SSL Certificate

Strange, said it fixed some problems the first run but my expiration date is
still the same

>>> On 6/18/2008 at 12:27 PM, in message

<VA.000034e1.008e30e1@no-mx.forums.novell.com>, Anders
Gustafsson<AndersG@no-mx.forums.novell.com> wrote:
> Mike Snyder,
>> Do I need to change anything on 5 or 6 when running it in Fix mode?
>>

> In PKIDIAG? I generally just select fixing mode and run.
>
> - Anders Gustafsson (Sysop)
> The Aaland Islands (N60 E20)
>
> Discover the new Novell forums at http://forums.novell.com
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement

0 Likes
ataubman Absent Member.
Absent Member.

Re: Create new SSL Certificate

AFAIK you have to delete the expired cert, then PKIDIAG will create a
new one.
--
Andrew C Taubman
Novell Support Forums Volunteer SysOp
http://forums.novell.com/
(Sorry, support is not provided via e-mail)

Opinions expressed above are not
necessarily those of Novell Inc.

Andrew C Taubman (Sorry, support is not provided via e-mail) Opinions expressed above are not necessarily those of Micro Focus.
0 Likes
Marcel_Cox Absent Member.
Absent Member.

Re: Create new SSL Certificate

Mike Snyder wrote:

>I haven't restarted the server after I ran PKIDIAG.


Well, there we have the explanation.
The certificate is only read from eDirectory at the moment the service
(for instance apache2) is started. So if you renew your certificate, but
you don't restart the service that uses it, the service will continue to
use the old certificate.

--
Marcel Cox
http://support.novell.com/forums
------------------------------------------------------------------------
Marcel Cox's Profile: http://forums.novell.com/member.php?userid=8
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Create new SSL Certificate

After chasing my tail all day yesterday, I figured that might be it. That's
why I put in that statement, I assumed it would trigger the right response.

Restarted the server, all is working. Thanks for the help/advice.

Mike

>>> On 6/19/2008 at 12:19 AM, in message

<mpdpi5-ci2.ln1@ubuntu.cie.etat.lu>,
Marcel Cox<Marcel_Cox@no-mx.forums.novell.com> wrote:
> Mike Snyder wrote:
>
>>I haven't restarted the server after I ran PKIDIAG.

>
> Well, there we have the explanation.
> The certificate is only read from eDirectory at the moment the service
> (for instance apache2) is started. So if you renew your certificate, but
>
> you don't restart the service that uses it, the service will continue to
>
> use the old certificate.

0 Likes
Knowledge Partner
Knowledge Partner

Re: Create new SSL Certificate

Mike Snyder,
> After chasing my tail all day yesterday, I figured that might be it. That's
> why I put in that statement, I assumed it would trigger the right response.
>

Ah.. And I thought you were looking at the expiry date in ConsoleOne! Duh!!

- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)

Discover the new Novell forums at http://forums.novell.com

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Create new SSL Certificate

PKIDiag renames the old certs and creates the neew ones itself. You can
delete the OLD.... certs after the event from C1

Cheers Dave


--
Dave Parkes [NSCS]
Occasionally resident at http://support-forums.novell.com/
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.