
Where to make changes for using 3rd party cert with OES11.

Just because it takes a while to track all these down individually, here's a list of what to change in order to use a 3rd party security cert to prevent your browsers from complaining with iManager, iMonitor, NRM and the server's basic website.

This assumes you already know how to get a 3rd party cert for your server using iManager and export that same cert as a PFX file to the server in question.

Once that's done, open a terminal session in the directory where the PFX file is located and run two OpenSSL commands:

openssl pkcs12 -in keyStore.pfx -out <whatever name you want>cert.pem -nodes -nokeys
openssl pkcs12 -in keyStore.pfx -out <whatever name you want>key.pem -nodes -nocerts

In both commands, you will be asked for the password you used in exporting the PFX file.

Copy both files to the /etc/ssl/servercerts/ folder.
For the server itself (https://whatever_your_server_is), edit two lines in "/etc/apache2/vhosts.d/vhost-ssl-conf":

SSLCertificateFile /etc/ssl/servercerts/<your servercert file name>.pem
SSLCertificateKeyFile /etc/ssl/servercerts/<your serverkey file name>.pem


iManager:
With thanks to Peter Hine's response in the 02-Jul-2012 Novell forum thread, "OES11: Custom certificate for Apache"
https://forums.novell.com/novell-pro...te-apache.html

Edit the edir file in /etc/sysconfig/novell/
The file name varies from version to version. In OES11SP1 it's "edir_oes11_sp1"
In pre-SP1, it appears to be "edir2_oes11"

Change the value of the line CONFIG_EDIR_OVERWRITE_CERT_FILES="yes" to "no".


Novell Remote Manager:
Edit "/etc/opt/novell/httpstkd.conf".
Look for the line addr 0.0.0.0:8009 keyfile=/etc/opt/novell/httpstkd/server.key certfile=/etc/opt/novell/httpstkd/server.pem
Edit the line to reflect the new cert file locations:
addr 0.0.0.0:8009 keyfile=/etc/ssl/servercerts/<your serverkey file name>.pem certfile=/etc/ssl/servercerts/<your servercert file name>.pem

iMonitor:
Use Console1 or iManager to locate the object in the server's context labeled "Http Server - <your server name>" and examine the properties of that item.
If using C1, select the "Other" tab, find the attribute in the left column labeled "httpKeyMaterialObject", expand the attribute to show its target and navigate to the certificate you imported.
In iManager, you'll see the same attribute in the left-side column. Double-click on the attribute and navigate to your imported cert.


Restart apache2 (apache2ctl restart) and tomcat6 (service novell-tomcat6 restart) to activate the changes for the main web page and iManager.
You'll need to restart eDirectory (rcndsd restart) to activate the changes for iMonitor, so understand the disruption that could cause if you've only got one server running eDirectory.

Restarting the server will, of course, take care of all 3.
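
An added example, not part of the original post: a shell check that the three files edited above reference the new cert and key, and that the private key (written unencrypted because of -nodes) is not accessible to other users. The ROOT prefix argument, the file names srvcert.pem and srvkey.pem, and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# check_oes_certs ROOT CERT KEY: print each problem, return the problem count.
# ROOT is an assumed prefix: "" on the live server, a directory copy for tests.
check_oes_certs() {
    root=$1; cert=$2; key=$3; bad=0
    fail() { echo "FAIL: $1"; bad=$((bad + 1)); }

    # Apache vhost (file name as written in the post)
    vhost="$root/etc/apache2/vhosts.d/vhost-ssl-conf"
    awk -v c="$cert" -v k="$key" '
        $1 == "SSLCertificateFile"    && $2 == c { okc = 1 }
        $1 == "SSLCertificateKeyFile" && $2 == k { okk = 1 }
        END { exit !(okc && okk) }' "$vhost" 2>/dev/null ||
        fail "Apache vhost does not reference $cert and $key"

    # NRM: every addr line carrying keyfile= must name the new key and cert
    awk -v c="certfile=$cert" -v k="keyfile=$key" '
        $1 == "addr" && /keyfile=/ {
            n++; hc = hk = 0
            for (i = 2; i <= NF; i++) { if ($i == c) hc = 1; if ($i == k) hk = 1 }
            if (hc && hk) ok++
        }
        END { exit !(n > 0 && n == ok) }' "$root/etc/opt/novell/httpstkd.conf" 2>/dev/null ||
        fail "httpstkd.conf addr line still uses other key/cert files"

    # sysconfig setting changed in the post (file name varies, hence the glob)
    grep -q '^CONFIG_EDIR_OVERWRITE_CERT_FILES="no"' "$root"/etc/sysconfig/novell/edir* 2>/dev/null ||
        fail 'CONFIG_EDIR_OVERWRITE_CERT_FILES is not "no"'

    # -nodes wrote the private key unencrypted: it must not be world-accessible
    perms=$(ls -ld "$root$key" 2>/dev/null | cut -c8-10)
    [ "$perms" = "---" ] || fail "$key is missing or accessible to other users"
    return "$bad"
}

# Constructed sample tree (not a real server) so the check can run offline.
make_sample() {
    mkdir -p "$1/etc/apache2/vhosts.d" "$1/etc/opt/novell" "$1/etc/sysconfig/novell" "$1/etc/ssl/servercerts"
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' "$2" "$3" > "$1/etc/apache2/vhosts.d/vhost-ssl-conf"
    printf 'addr 0.0.0.0:8009 keyfile=%s certfile=%s\n' "$3" "$2" > "$1/etc/opt/novell/httpstkd.conf"
    echo 'CONFIG_EDIR_OVERWRITE_CERT_FILES="no"' > "$1/etc/sysconfig/novell/edir_oes11_sp1"
    : > "$1$3"; chmod 600 "$1$3"
}

# Demo on the constructed tree; on a server: check_oes_certs "" CERT KEY
d=$(mktemp -d) && make_sample "$d" /etc/ssl/servercerts/srvcert.pem /etc/ssl/servercerts/srvkey.pem
check_oes_certs "$d" /etc/ssl/servercerts/srvcert.pem /etc/ssl/servercerts/srvkey.pem && echo "all checks passed"
rm -rf "$d"
```

The iMonitor setting lives in eDirectory (the httpKeyMaterialObject attribute), so this file-based check does not cover it.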
