Generating an SSL Server Certificate

In order to use SSL, you have to generate an SSL-LDAP server certificate.

To Generate an SSL-LDAP Server Certificate

  1. Go to /opt/iplanet/server5 and start the Sun ONE console.

  2. Select http://sunshine.init8.net:3890 as the administration URL and enter admin/manager as the username/password.

  3. Double-click the Directory Server Icon (in the Server Group).

    The Sun ONE Directory Server software Admin window opens.

  4. Select Manage Certificates from the Directory Server Admin window.

  5. Select Security Device Password of the freshly installed Sun ONE Directory Server software.

    1. At the corresponding popup window, enter the password (for example, manager1).

    2. Click OK.

  6. Request a new certificate by clicking Request and then clicking Request a certificate manually.

    The wizard starts up.

  7. Enter the following information:

    Server name: sunshine.init8.net
    Organization: iNIT8
    Organizational Unit: directory@iNIT8
    City: Hamburg
    State: HAMBURG
    Country: DE

    Click Next.

  8. Enter the password to access the token (for example, manager1).

  9. Select the place where the certificate request will be stored (choose either file or clipboard).

    1. Select File and save the request in ~/cert-request.txt.

    2. Click Done.

    You can then view the contents of the request using a UNIX shell. It is a Base64-encoded block enclosed between -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- lines.

  10. Enter the request into the Sun ONE Certificate Server software.

    1. Point your browser to https://sunshine.init8.net:443 and click SSL Server in the navigation frame.

    2. Copy the request from ~/cert-request.txt and paste it into the PKCS#10 request area.

      NOTE

      Sometimes the cut and paste option is unstable with the Netscape browser. If you experience any problems, open a new browser window and point it to ~/cert-request.txt (for example, through file:/cert-request.txt). Then copy it through the Netscape browser's copy function and paste it into the PKCS#10 text field.

  11. Enter the LDAP server admin contact information (for example):

    Name: L. Dap
    E-Mail: ldap@init8.net
    Telephone: 040 123456

    Click Submit.

  12. Approve the request by pointing your browser to https://sunshine.init8.net:8100/.

  13. Look at the pending certificate requests. You can see the freshly generated PKCS#10 request. Approve it.

    The Sun ONE Certificate Server software generates an SSL certificate and presents it to you as two Base64-encoded certificates: a plain one and one in PKCS#7 format. Copy the plain one to the clipboard.

  14. Install the certificate in your Sun ONE Directory Server software using the Sun ONE Directory Server software Certificate Wizard, and select Install.

    1. Paste it from the clipboard in the text box. If that doesn't work for you, try to save it in a file first and then point the wizard to the file.

    2. Click Next and the wizard shows you certificate information.

  15. Click Next twice.

  16. Enter the password for the database (for example, manager1). Click Done.

    The certificate is now in the wizard's Manage Certificates window.

  17. Close the window.
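
Before pasting the issued certificate into the wizard in step 14, it is worth confirming from a shell that it really answers the request saved in step 9. The following script is an added example, not part of the original article; the function names and the certificate file name ~/ldap-cert.pem are hypothetical, and it assumes the openssl command-line tool is installed and the plain certificate was saved to a file.

```sh
#!/bin/sh
# Added example: pre-install checks for a CSR and the certificate the CA returned.
# Function names are hypothetical; only standard openssl subcommands are used.

# Print the CN from a PKCS#10 request (RFC 2253 output separates RDNs with commas).
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Succeed only if the certificate carries the same public key as the request.
same_public_key() {
    csr_key=$(openssl req -in "$1" -noout -pubkey) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ "$csr_key" = "$crt_key" ]
}

# Print the name of the certificate's signature algorithm.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# check_before_install CSR CERT EXPECTED_HOST
check_before_install() {
    [ "$(csr_cn "$1")" = "$3" ] || { echo "CSR CN is not $3" >&2; return 1; }
    same_public_key "$1" "$2" ||
        { echo "certificate key differs from CSR" >&2; return 1; }
    # -checkend 0 fails when the certificate is already past its notAfter date.
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
    # Policy assumption of this example: reject MD5- and SHA-1-based signatures.
    case "$(sig_alg "$2")" in
        *[Mm][Dd]5*|*[Ss][Hh][Aa]1*) echo "weak signature hash" >&2; return 1 ;;
    esac
    echo "ok: $2 matches $1 for $3"
}

# Example: sh check.sh ~/cert-request.txt ~/ldap-cert.pem sunshine.init8.net
if [ "$#" -eq 3 ]; then check_before_install "$@"; fi
```

A non-zero exit status means the certificate should go back to the CA administrator rather than into the directory server's certificate database.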
