[ngw] GW Webaccess cert

Elbert LaGrew Elbert.LaGrew at katun.com
Mon Feb 10 14:41:05 UTC 2014


Well that answers the question if SLES 10 and SLES 11 are the same...they apparently are not.
 
I followed the instructions, but keep getting errors when starting the apache server...and it fails.
 
[error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
 
<sigh> still looking for some instructions from Novell. I think they used to have some, but their site is impossible to search and find relevant information.
 
--El

>>> On 2/10/2014 at 7:27 AM, in message <52F88D5A02000013000F4364 at mail.msktd.com>, "Kenneth Etter" <kle at msktd.com> wrote:

I did this on an OES 11 box, but I assume it would probably be the same for you on SLES 10.

1. Create the key - at /etc/ssl/servercerts run the following two commands:
* openssl genrsa -out webaccess.key 2048
* openssl req -new -key webaccess.key -out webaccess.csr
	  (fill in the appropriate answers)
2. Upload the CSR to your certificate provider and download the cert (I do this with Digicert and choose Apache format).
3. Copy downloaded files to /etc/ssl/servercerts
4. Edit /etc/apache2/vhosts.d/vhost-ssl.conf
  #   Server Certificate:
  SSLCertificateFile /etc/ssl/servercerts/name_of_cert.crt
  #   Server Private Key:
  SSLCertificateKeyFile /etc/ssl/servercerts/webaccess.key
  #   Server Certificate Chain:
  SSLCertificateChainFile /etc/apache2/ssl.crt/name_of_chain_file.crt
5. Restart Apache: rcapache2 restart

Just a thought...for things like this that I do once every few years, I keep notes of the exact steps I did.  Makes it easier down the road.  Actually, I keep notes for most everything.  Unless I'm doing something every day (or every few days) it can easily be forgotten.  :-)

Ken




>>> "Elbert LaGrew" <Elbert.LaGrew at katun.com> 2/10/2014 6:43 AM >>>
OK.  I've done this before...but I am having a hard time now and since I only do this every 3 years I cannot remember.

So here is the situation.  I have a GoDaddy cert on my GW 2012 Webaccess box now which is expiring.  I've generated a CSR and have the cert and the intermediate cert.  How in the world do I install these on a SLES 10 SP4 OES2 SP3 box?

Does anyone have step-by-step instructions?  I have tried the one from Novell with the certs.sh and it does NOT generate anything that Apache wants to see. I'd like this a lot if it worked. Novell??.  

If I recall last time, I used a TID or some other instructions that had manual openssl commands and that worked a charm....but I cannot find that again.

Does Novell have step-by-step instructions on line or must I open a ticket? <sigh>  Help please!

--El
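
Added example, not part of any message in this thread: a pre-flight check for the three files named in step 4 of the procedure above, to run before "rcapache2 restart". It reports which kind of PEM object each file holds (handing mod_ssl a file of the wrong type is a common source of ASN.1 parse errors at startup) and whether the RSA key matches the certificate. It assumes PEM files and an unencrypted RSA key as produced by the openssl genrsa step; the function names and the script name are made up for this example.

```bash
#!/bin/bash
# Added example: pre-flight check for the files referenced in vhost-ssl.conf.
# Assumes PEM files and an RSA key, as produced by the steps in the thread.

# Print the label of the first "-----BEGIN <label>-----" line, or "not-pem".
pem_kind() {
    local label
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    echo "${label:-not-pem}"
}

# Check that file $1 (used by directive $2) holds one of the labels in $3,
# a "|"-separated list. Returns non-zero on a mismatch.
expect_kind() {
    local kind
    kind=$(pem_kind "$1")
    case "|$3|" in
        *"|$kind|"*) echo "ok    $2: $1 ($kind)" ;;
        *) echo "FAIL  $2: $1 holds '$kind', expected $3"; return 1 ;;
    esac
}

# True when the certificate and the RSA private key share the same modulus.
# Uses only options that old OpenSSL releases also provide.
key_matches_cert() {
    local cm km
    cm=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    km=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$cm" ] && [ "$cm" = "$km" ]
}

# preflight <cert> <key> <chain>; returns non-zero if any check fails.
preflight() {
    local rc=0
    expect_kind "$1" SSLCertificateFile "CERTIFICATE" || rc=1
    expect_kind "$2" SSLCertificateKeyFile "RSA PRIVATE KEY|PRIVATE KEY" || rc=1
    expect_kind "$3" SSLCertificateChainFile "CERTIFICATE" || rc=1
    if [ "$rc" -eq 0 ]; then
        key_matches_cert "$1" "$2" || { echo "FAIL  key does not match certificate"; rc=1; }
    fi
    return "$rc"
}

# Usage: ./preflight.sh name_of_cert.crt webaccess.key name_of_chain_file.crt
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A label of "CERTIFICATE REQUEST" or "PKCS7" on the certificate line means the CSR or a bundle was copied into place instead of the issued certificate.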