6.5 Viewing and Creating Certificates for OES Remote Manager

To secure access to the server, OES Remote Manager uses the default certificate created during the installation. This certificate is bound to the first network board found in the server configuration.

When eDirectory is installed as part of a new server installation, a check box lets you have all HTTP services use an eDirectory certificate. HTTPSTKD uses that certificate if this check box is selected, or the YaST CA certificate if it is not selected. On upgrades, the check box in eDirectory is not selected, so certificates that were previously used are maintained.

You can create new certificates and modify the /etc/opt/novell/httpstkd.conf file to use a certificate other than the default certificate file. You should create a new certificate in cases such as the following:

  • The default certificate does not meet the level of security required by your organization

  • The default certificate was bound to a DHCP address

  • You have changed the server’s IP address

  • You want to bind a new certificate to a different network board

To view the certificates being used:

  1. Click the Configure icon in the navigation frame.

  2. Under the Novell Remote Manager Certificate Management heading, click View Certificate(s).

To create a new certificate:

  1. Click the Configure icon in the navigation frame.

  2. Under the Novell Remote Manager Certificate Management heading, click Create Certificate.

  3. On the Create a Certificate for OES Remote Manager page, specify the required information in the Certificate Information fields.

    This creates a new certificate and automatically replaces the current certificate at /etc/opt/novell/httpstkd/server.pem.

    If you want to create the certificate in a different location or with a different name, change the file name or path in the Certificate File field.

  4. Click Create.

  5. (Conditional) If you changed the name of the certificate file or the path to it from the default location, edit the /etc/opt/novell/httpstkd.conf file before restarting HTTPSTKD.

  6. Restart HTTPSTKD by clicking the Restart Httpstkd button on the OES Remote Manager Configuration Options page.

To bind NRM to an additional IP address or to a different certificate:

  1. Click the Configure icon in the navigation frame.

  2. Click Edit Httpstkd Config File.

  3. In the Address and Port portion of the file, specify the new IP address or certificate path and name.

    For example, if you had two network boards that you wanted to bind NRM to, you would create or have two separate certificates and then make these entries in the /etc/opt/novell/httpstkd.conf file:

    addr 192.27.1.123:8008
    addr 192.27.1.123:8009 keyfile=/etc/opt/novell/httpstkd/server.key certfile=/etc/opt/novell/httpstkd/server1.pem
    
    addr 192.27.1.124:8008
    addr 192.27.1.124:8009 keyfile=/etc/opt/novell/httpstkd/server.key certfile=/etc/opt/novell/httpstkd/server2.pem

    You can put the certificate in any location as long as the entry in the /etc/opt/novell/httpstkd.conf points to the correct location and file name.
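
The following shell functions are an added example, not part of the OES documentation or product. They read the addr entries in the syntax shown above and, for each entry that names a certfile, confirm that the files exist, print the certificate subject and expiry date, and verify that the keyfile matches the certificate. The function names are hypothetical, and each certfile entry is assumed to have its own keyfile entry, as in the example above.

```shell
#!/bin/sh
# Added example: audit the TLS bindings in httpstkd.conf before restarting HTTPSTKD.
# Assumes the "addr IP:port keyfile=... certfile=..." syntax shown on this page.

# Print "address keyfile certfile" for every addr line that names a certificate.
list_tls_bindings() {
    awk '$1 == "addr" {
        key = ""; cert = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^keyfile=/)  key  = substr($i, 9)
            if ($i ~ /^certfile=/) cert = substr($i, 10)
        }
        if (cert != "") print $2, (key == "" ? "-" : key), cert
    }' "$1"
}

# Check one binding: files readable, certificate details, key/certificate pairing.
check_binding() {
    addr=$1 key=$2 cert=$3
    [ -r "$cert" ] || { echo "$addr: certfile missing: $cert"; return 1; }
    [ -r "$key" ]  || { echo "$addr: keyfile missing: $key"; return 1; }
    command -v openssl >/dev/null 2>&1 || { echo "$addr: files present (openssl not found)"; return 0; }
    # Subject and expiry, to compare against the address this listener is bound to.
    openssl x509 -in "$cert" -noout -subject -enddate | sed "s|^|$addr: |"
    # The public key derived from the keyfile must equal the one in the certificate.
    kp=$(openssl pkey -in "$key" -pubout 2>/dev/null) || kp=""
    cp=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cp=""
    [ -n "$kp" ] && [ "$kp" = "$cp" ] || { echo "$addr: keyfile does not match certfile"; return 1; }
}

# Audit every TLS binding in the file; return non-zero if any binding fails.
audit_conf() {
    rc=0
    bindings=$(list_tls_bindings "$1") || return 2
    while read -r addr key cert; do
        [ -n "$addr" ] || continue
        check_binding "$addr" "$key" "$cert" || rc=1
    done <<EOF
$bindings
EOF
    return $rc
}

# Run as: sh audit.sh /etc/opt/novell/httpstkd.conf (the script name is hypothetical)
[ $# -eq 0 ] || audit_conf "$1"
```

Run it as a user that can read the key file, after editing the configuration and before clicking Restart Httpstkd.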