CSR AND CERTIFICATE INSTALLATION GUIDE FOR NOVELL ICHAIN
HOW TO GENERATE A CSR IN NOVELL ICHAIN 2.2 OR 2.3 WEB SERVER
1. Open the iChain Admin GUI and click on Home -> Certificate Maintenance.
2. Click on the Create button.
3. Choose 'Use External Certificate Authority'.
4. Enter the following information:
- Certificate Name: A name to help you identify the certificate
- Subject Name: The domain name the certificate will secure
- Organizational Unit: Your department
- Organization: Your organization's name
- City, State, and Country: Usually the location of your organization's main office
5. Choose 'RSA encryption with SHA1 Hash' as the signature algorithm.
6. Select 2048 bits for your key size.
7. Choose to use an external certificate authority and fill out your company information.
8. Click OK, and then 'Apply'.
9. After applying, find the certificate listed under "Certificate Name." The status will show as "CSR in process."
10. Click on 'View CSR' and copy the full contents to your clipboard.
11. This will generate your new CSR. Copy and paste the new CSR including the 'Begin' and 'End' lines to the TRUSTZONE order form. When placing your order, choose 'OTHER' as the server type.
12. After you receive your SSL Certificate from TRUSTZONE, you can install it.
HOW TO GENERATE A CSR IN PREVIOUS VERSIONS OF NOVELL ICHAIN WEB SERVER
1. In your web browser, start the iChain Manager by typing:
2. Choose the Home-Certificate Maintenance tab, then click on Create.
3. Enter your DN information in the appropriate fields, and click OK.
4. Clicking 'Apply' will then create your CSR.
5. Choose 'View the CSR' to copy and paste the CSR (including the BEGIN and END tags) into the TRUSTZONE order form.
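Before the CSR copied from 'View CSR' in either procedure above is pasted into the order form, it can be checked locally with OpenSSL. The following is an added example, not part of the original guide; it assumes the CSR text has been saved to a file on a machine with the openssl command-line tool, and the function names csr_check and make_sample_csr are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide); needs the openssl CLI.

# csr_check FILE EXPECTED_CN [MIN_BITS]
# Prints "OK <bits> <signature algorithm>" and returns 0 when the pasted CSR
# has both BEGIN/END lines, its self-signature verifies, the key has at least
# MIN_BITS (default 2048) and the subject CN equals EXPECTED_CN.
# Otherwise prints "FAIL <reason>" and returns 1.
csr_check() {
    csr=$1; want_cn=$2; min_bits=${3:-2048}
    if ! grep -q -- '-----BEGIN .*CERTIFICATE REQUEST-----' "$csr" ||
       ! grep -q -- '-----END .*CERTIFICATE REQUEST-----' "$csr"; then
        echo "FAIL missing BEGIN or END line"; return 1
    fi
    # The exit status of 'req -verify' differs between OpenSSL releases,
    # so look for the "verify OK" message instead.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL self-signature does not verify"; return 1; }
    text=$(openssl req -in "$csr" -noout -text)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p' | head -n 1)
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL key is ${bits:-0} bits, expected at least $min_bits"; return 1; }
    [ "$cn" = "$want_cn" ] ||
        { echo "FAIL subject CN is '$cn', expected '$want_cn'"; return 1; }
    echo "OK $bits $sig"
}

# make_sample_csr DIR CN: constructed throwaway key and CSR, used only to
# exercise csr_check; a real CSR comes from iChain's 'View CSR' button.
make_sample_csr() {
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1/min.cnf"
    openssl req -new -config "$1/min.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Constructed Example/CN=$2" \
        -keyout "$1/sample.key" -out "$1/sample.csr" 2>/dev/null
}
```

The signature algorithm printed after the key size is the one selected in the Create dialog, so the output also confirms which hash the request was signed with.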
INSTALLING YOUR CERTIFICATE IN OLDER VERSIONS OF NOVELL I-CHAIN
1. Download the SSL, Intermediate, and Root certificate files from your TRUSTZONE account.
2. You'll need to create a single SSL certificate from the intermediate and root certificates. To do so, open a text editor (like Notepad), and paste in the contents of your intermediate certificate. Then paste in the contents of the root certificate. (In both cases, you must include the BEGIN and END tags.) Save this new certificate as trustzonebundle.pem.
3. Now, go to ConsoleOne and open the ICS container for your iChain server, and open the certificate.
4. Under the Certificates tab, click on Import. Then choose Read from File, and find the new trustzonebundle.pem certificate you created.
5. Hit Next. Choose Read from File, and browse to your TRUSTZONE SSL certificate (your_domain_name.crt), then click Finish.
If you get an error stating that the certificate's subject does not match the object's subject, do the following:
- Accept the certificate.
- On the iChain server click on Apply. This will install the certificate, but give you an error 1240. Now open the accelerator for the website you're securing. In the Certificate drop-down menu (in the Secure Exchange area), the certificate should be available. Select it, click OK and Apply.
- Refresh the Management display if it does not do so automatically. The site is now secured.
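The bundle from step 2 can also be assembled and checked from a shell before it is imported through ConsoleOne. The following is an added example, not part of the original guide; it assumes the downloaded files are on a machine with the openssl command-line tool, and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide); needs the openssl CLI.

# build_bundle INTERMEDIATE ROOT OUT: write INTERMEDIATE, then ROOT, to OUT.
# Drops CRs left by Windows editors, forces a line break between the blocks,
# and fails unless OUT contains exactly two BEGIN and two END lines.
build_bundle() {
    { tr -d '\r' < "$1"; echo; tr -d '\r' < "$2"; echo; } > "$3"
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$3" || true)
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$3" || true)
    [ "$begins" -eq 2 ] && [ "$ends" -eq 2 ]
}

# chain_ok ROOT BUNDLE SERVER_CERT: succeed when openssl can build a chain
# from SERVER_CERT through the certificates in BUNDLE to the anchor in ROOT.
chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1 |
        grep -q ': OK$'
}

# cert_matches_csr CERT CSR: succeed if the issued certificate carries the
# public key of the CSR that was submitted.
cert_matches_csr() {
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# make_sample_chain DIR: constructed throwaway root, intermediate and server
# certificate, used only to exercise the functions above.
make_sample_chain() {
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n[v3_ee]\nbasicConstraints=CA:FALSE\n' > "$d/c.cnf"
    openssl req -x509 -config "$d/c.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 2 -subj '/CN=Constructed Root' -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    for n in intermediate server; do
        openssl req -new -config "$d/c.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=constructed-$n.example" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/intermediate.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/c.cnf" -extensions v3_ca -days 2 -out "$d/intermediate.crt" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/intermediate.crt" -CAkey "$d/intermediate.key" \
        -CAcreateserial -extfile "$d/c.cnf" -extensions v3_ee -days 2 -out "$d/server.crt" 2>/dev/null
}
```

With the real files, the calls would be build_bundle on the intermediate and root files to produce trustzonebundle.pem, then chain_ok with the root, the bundle and your_domain_name.crt.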
NOVELL I-CHAIN SSL CERTIFICATE INSTALLATION
Note: iChain is an 'End of Life' product that is no longer supported by Novell. It has been replaced by the Novell Access Manager. Because iChain is an older product, it does not support installing multiple intermediate certificates through the Admin GUI. However, by following these instructions, you can install the certificate and configure it to send all the intermediate certificates that the clients may need to verify the certificate is valid.
1. Extract the ZIP file containing the TRUSTZONE signed certificate. You should have four certificate files:
- Server Certificate, e.g., www_domain_com.crt
2. Download the TRUSTZONE Trusted Root
3. In the iChain Admin GUI, click on Home -> Certificate Maintenance, and select the Certificate Name. The status of the certificate should be 'CSR in process'.
4. Click on Store Certificate, then open the following certificate files with a text editor, and paste them in the appropriate fields:
- CA Certificate Contents = TRUSTZONE_EVRootCA.crt (downloaded in Step 2)
- Intermediate Certificate Contents = IntermediateCA.crt (make sure the 'Include intermediate certificate' checkbox is checked)
- Server Certificate Contents = Server Certificate, e.g., www_domain_com.crt
Note: you will NOT paste the contents of IntermediateCA2.crt at this time. Hold on to it for later.
5. Click on 'Create' then 'Apply'. The certificate status should change to 'Active'.
6. The certificate is now installed and ready to be assigned to the accelerators.
CERTIFICATE CHAIN INSTALLATION
Note: these steps are only required if you received an IntermediateCA2.crt file.
1. Open ConsoleOne and log into the Tree where the iChain Service Object is located.
2. Locate and right-click on iChain's trusted root store, and click on 'New' then 'Object'.
3. Choose 'NDSPKI: Trusted Root Object' and click 'OK'.
4. Type in an NDS Object Name, such as TrustzoneBridge, paste in the contents of IntermediateCA2.crt (or Read from File), and click 'Finish'.
5. Open the iChain GUI, go to Configure -> Access Control, and click on 'Refresh ACLCHECK'.
Wait about a minute, then you can check if the chain is correctly installed using the TRUSTZONE SSL Labs. Your TRUSTZONE certificate files should now be installed and properly configured.
Last updated: August 17, 2017