[ngw] GW Webaccess cert

Kenneth Etter kle at msktd.com
Mon Feb 10 13:27:06 UTC 2014

I did this on an OES 11 box, but I assume it would probably be the same for you on SLES 10.
1. Create the key - at /etc/ssl/servercerts run the following two commands:
* openssl genrsa -out webaccess.key 2048
* openssl req -new -key webaccess.key -out webaccess.csr
	  (fill in the appropriate answers)
2. Upload the CSR to your certificate provider and download the cert (I do this with Digicert and choose Apache format).
3. Copy downloaded files to /etc/ssl/servercerts
4. Edit /etc/apache2/vhosts.d/vhost-ssl.conf
  #   Server Certificate:
  SSLCertificateFile /etc/ssl/servercerts/name_of_cert.crt
  #   Server Private Key:
  SSLCertificateKeyFile /etc/ssl/servercerts/webaccess.key
  #   Server Certificate Chain:
  SSLCertificateChainFile /etc/apache2/ssl.crt/name_of_chain_file.crt
5. Restart Apache: rcapache2 restart
Just a thought...for things like this that I do once every few years, I keep notes of the exact steps I did.  Makes it easier down the road.  Actually, I keep notes for most everything.  Unless I'm doing something every day (or every few days) it can easily be forgotten.  :-)

>>> "Elbert LaGrew" <Elbert.LaGrew at katun.com> 2/10/2014 6:43 AM >>>
OK.  I've done this before...but I am having a hard time now and since I only do this every 3 years I cannot remember.

So here is the situation.  I have a GoDaddy cert on my GW 2012 Webaccess box now which is expiring.  I've generated a CSR and have The cert and the intermediate cert.  How in the world to I install these on a sles 10 Sp4 OES2 Sp3 box?

Does anyone have  step-by-step instructions?  I have tried the one from Novell with the certs.sh and it does NOT generate anything that Apache wants to see. I'd like this a lot if it worked. Novell??.  

If I recall last time, I used a TID or some other instructions that had manual openssl commands and that worked a charm....but I cannot find that again.

Does Novell have step-by-step instructions on line or must I open a ticket? <sigh>  Help please!


More information about the ngw mailing list