Novell Remote Manager uses the default certificates created during installation to secure the access it provides to the server. This certificate is bound to the first network board found in the server configuration.
During the install of eDirectory on a new server installation, there is a check box to have all HTTP services use an eDirectory certificate. HTTPSTKD uses that certificate if this check box is selected or the YAST CA certificate if it is not selected. On upgrades, the check box in eDirectory is not selected, so certificates that were previously used are maintained.
You can create new certificates and modify the /etc/opt/novell/httpstkd.conf file to use certificates other than the default certificate file, for any reason. You should create a new certificate in cases such as the following:
The default certificate does not meet the level of security required by your organization
The default certificate was bound to a DHCP address
You have changed the server’s IP address
You want to bind a new certificate to a different network board

To view the certificates being used:
Click the icon in the navigation frame.
Under the Novell Remote Manager Certificate Management heading, click .

To create a new certificate:
Click the icon in the navigation frame.
Under the heading, click .
On the Create a Certificate for Novell Remote Manager page, specify the required information in the fields.
This creates a new certificate and automatically replaces the current certificate at /etc/opt/novell/httpstkd/server.pem.
If you want to create the certificate in a different location or with a different name, change the filename or path in the field.
Click .
(Conditional) If you changed the name of the certificate file or the path to it from the default location, edit the /etc/opt/novell/httpstkd.conf file before restarting HTTPSTKD.
Restart HTTPSTKD by clicking the button on the Novell Remote Manager Configuration Options page.

To bind Novell Remote Manager to an additional IP address or to a different certificate:
Click the icon in the navigation frame.
Click .
In the Address and Port portion of the file, specify the new IP address or certificate path and name.
For example, if you had two network boards that you wanted to bind Novell Remote Manager to, you would create or have two separate certificates and then make these entries in the /etc/opt/novell/httpstkd.conf file:
addr 192.27.1.123:8008
addr 192.27.1.123:8009 keyfile=/etc/opt/novell/httpstkd/server.key certfile=/etc/opt/novell/httpstkd/server1.pem
addr 192.27.1.124:8008
addr 192.27.1.124:8009 keyfile=/etc/opt/novell/httpstkd/server.key certfile=/etc/opt/novell/httpstkd/server2.pem
You can put the certificate in any location as long as the entry in the /etc/opt/novell/httpstkd.conf file points to the correct location and filename.
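
A check to run before restarting HTTPSTKD, as an added example that is not Novell's own code: it reads addr entries in the form shown above and reports any keyfile or certfile path that does not exist. The function names, the private-key permission check and the temporary sample files are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def parse_addr_lines(conf_text):
    """Return (line number, address, options) for each 'addr' entry."""
    entries = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0] != "addr":
            continue  # not an address entry
        opts = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        entries.append((lineno, fields[1], opts))
    return entries

def check_conf(conf_text):
    """Report addr entries whose keyfile/certfile settings look wrong."""
    findings = []
    for lineno, address, opts in parse_addr_lines(conf_text):
        key, cert = opts.get("keyfile"), opts.get("certfile")
        if key is None and cert is None:
            continue  # entry without certificate settings
        if key is None or cert is None:
            findings.append((lineno, address, "only one of keyfile/certfile is set"))
            continue
        for name, path in (("keyfile", key), ("certfile", cert)):
            if not os.path.isfile(path):
                findings.append((lineno, address, f"{name} not found: {path}"))
            elif name == "keyfile" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append((lineno, address, f"keyfile accessible by group/other: {path}"))
    return findings

def demo():
    """Check a constructed config: loose key mode, server2.pem missing."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "server.key")
        cert1 = os.path.join(d, "server1.pem")
        for p in (key, cert1):
            open(p, "w").close()
            os.chmod(p, 0o644)  # constructed files; the key is deliberately too open
        conf = (
            "addr 192.27.1.123:8008\n"
            f"addr 192.27.1.123:8009 keyfile={key} certfile={cert1}\n"
            "addr 192.27.1.124:8008\n"
            f"addr 192.27.1.124:8009 keyfile={key} certfile={d}/server2.pem\n"
        )
        return [(n, a, m.split(":")[0]) for n, a, m in check_conf(conf)]

if __name__ == "__main__":
    print(demo())
```

To check a live server, pass the contents of /etc/opt/novell/httpstkd.conf to check_conf() and resolve every finding before the restart.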