Absent Member.

NW 65 and DigiCert

We have a NW 6.5 SP8 server that we need to update the SSL Cert on. I have generated the CSR request and received the SSL Cert from DigiCert. I imported the info into the object that I created for the CSR request. Everything is valid for the Trusted Root and Public Key certificates.

However when I use the SSL Cert checker from DigiCert I get the following error messages:


SSL Certificate is expired.

The certificate was valid from 12/18/2008 through 12/18/2009.

It is also showing the wrong serial number for the cert.


SSL Certificate is not trusted

The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.

I have modified the nwconfig file to use the new SSL cert as well as the conf files for Apache.

Does NW 6.5 work with wildcard certs?

Thanks,
Nancy

Knowledge Partner

N kerr,
> Does NW 6.5 work with wildcard certs?


Never tried to be fair, but did you restart apache after installing the
cert?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

Absent Member.

Yes. I even rebooted the server. Still get the same error message.

Absent Member.

There are some NDS objects for expired certs still in the same container as the new cert. Would that be causing any problems?

Knowledge Partner

N kerr,
> There are some NDS objects for expired certs still in the same container
> as the new cert. Would that be causing any problems?


No, as long as you have the correct certificate specified in the listen
statement of httpd.conf. Just for laughs, try changing the name there to
something invalid, add a char or so, unload apache, load apache. In this
case Apache should not load and an error should be written into
startup.err

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

Absent Member.

Apache did not load when I added an extra character to cert name. When I type in https://web site I get the following error message.

There is a problem with this website's security certificate.


Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
More information


If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.

For more information, see "Certificate Errors" in Internet Explorer Help.

According to DigiCert the SSL cert on the server is still expired and is not trusted.

Knowledge Partner

N kerr,
> Apache did not load when I added an extra character to cert name. When
> I type in https://web site I get the following error message.


OK. Then we have something. If you look at that cert in ConsoleOne, or
iManager, what dates do you see? Ie the same old dates or the
certificate's new dates?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

Absent Member.

When I view the info for the object in NDS I see the correct dates (what it should be for the Digicert).

Knowledge Partner

N kerr,
> When I view the info for the object in NDS I see the correct dates (what
> it should be for the Digicert).


And that certificate is assigned to the server where apache runs? What
does your listen statement look like in httpd.conf?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

Absent Member.

The following is the info for the listen statement in the httpd.conf file:

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 81
SecureListen 444 "Digi12"
#"Thawte08b"
# "SSL CertificateDNS"

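An added example, not part of the original thread: a small Python parser that lists the `SecureListen` directives actually in effect in an httpd.conf like the one quoted above, and builds the `openssl` commands that print the serial number and validity dates of the certificate served on each of those ports, so they can be compared with the certificate object in eDirectory. The optional address prefix and `MUTUAL` keyword follow the mod_nw_ssl `SecureListen` syntax; the host name `www.example.com` and the sample text are constructed placeholders.

```python
import shlex

# Constructed sample modelled on the directives quoted in the thread above.
SAMPLE_CONF = '''\
#Listen 12.34.56.78:80
Listen 81
SecureListen 444 "Digi12"
#"Thawte08b"
# "SSL CertificateDNS"
'''

def secure_listeners(conf_text):
    """Return active SecureListen entries: line, address, port, cert, mutual."""
    found = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are not in effect
        try:
            parts = shlex.split(line)  # keeps quoted names with spaces intact
        except ValueError:
            continue  # unbalanced quote: not a usable directive
        if len(parts) < 3 or parts[0].lower() != "securelisten":
            continue
        addr, _, port = parts[1].rpartition(":")  # "[IP-address:]port"
        if not port.isdigit():
            continue
        found.append({
            "line": lineno,
            "address": addr or None,
            "port": int(port),
            "cert": parts[2],  # name of the certificate object to serve
            "mutual": len(parts) > 3 and parts[3].upper() == "MUTUAL",
        })
    return found

def check_commands(conf_text, host):
    """Build openssl commands showing the certificate served on each port."""
    cmds = []
    for entry in secure_listeners(conf_text):
        target = f"{entry['address'] or host}:{entry['port']}"
        cmds.append(
            f"openssl s_client -connect {target} -servername {host} </dev/null "
            "| openssl x509 -noout -serial -dates -subject"
        )
    return cmds

if __name__ == "__main__":
    for cmd in check_commands(SAMPLE_CONF, "www.example.com"):
        print(cmd)
```
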
Knowledge Partner

N kerr,
> "Digi12"


I assume then that the Certificate name in edir is then Digi12 -
Servername?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

Absent Member.

That is correct.
