SSL Certificate Installation in IChain
iChain is an "End of Life" product that is no longer supported by Novell. It has been replaced by the Novell Access Manager.
Because iChain is an older product, it does not support installing multiple intermediate certificates through the Admin GUI. However, by following these instructions, you can install the certificate and configure it to send all the intermediate certificates that the clients may need to verify the certificate is valid.
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see
SSL Certificate CSR Creation :: Novell IChain.
Installing your Certificate in Novell IChain 2.2 or 2.3
-
Extract the ZIP file containing the ¶ºÒõ¹Ý signed certificate. You should have four certificate files:
Server Certificate, e.g., www_domain_com.crt
¶ºÒõ¹ÝCA.crt
¶ºÒõ¹ÝCA2.crt
TrustedRoot.crt -
Download the :
-
In the iChain Admin GUI, click on Home -> Certificate Maintenance, and select the Certificate Name. The status of the certificate should be "CSR in process."
-
Click on Store Certificate, then open the following certificate files with a text editor, and paste them in the appropriate fields:
CA Certificate Contents = ¶ºÒõ¹ÝHighAssuranceEVRootCA.crt (downloaded in Step 2)
Intermediate Certificate Contents = ¶ºÒõ¹ÝCA.crt (make sure the "Include intermeidate certificate" checkbox is checked)
Server Certificate Contents = Server Certificate, ex. www_domain_com.crt
Note: you will NOT paste the contents of ¶ºÒõ¹ÝCA2.crt at this time. Hold on to it for later.
-
Click on "Create" then "Apply." The certificate status should change to "Active."
-
The certificate is now installed ready to be assigned to the accelerators.
Certificate Chain installation:
Note that these steps are only required if you received a ¶ºÒõ¹ÝCA2.crt file.
-
Open ConsoleOne and log into the Tree where the iChain Service Object is located.
-
Locate and right-click on iChain's trusted root store, and click on "New" then "Object."
-
Choose "NDSPKI: Trusted Root Object" and click "OK."
-
Type in an NDS Object Name, such as ¶ºÒõ¹ÝBridge," and Paste in the contents of ¶ºÒõ¹ÝCA2.crt (or Read from File), and click "Finish."
-
Open the iChain GUI, go to Configure -> Access Control, and click on "Refresh ACLCHECK."
Wait about a minute, then you can check if the chain is correctly installed using the ¶ºÒõ¹Ý SSL Checker Tool. Your ¶ºÒõ¹Ý certificate files should now be installed and properly configured.
Installing your Certificate in older versions of Novell Ichain
-
Download the Primary, Intermediate, and Root certificate files from your ¶ºÒõ¹Ý account.
-
You'll need to create a single SSL Certificate from the intermediate and root certificates. To do so, open a text editor (like NotePad), and paste in the contents of your intermediate certificate. Then paste in the contents of the root certificate. (In both cases, you must include the BEGIN and END tags.) Save this new certificate as ¶ºÒõ¹Ýbundle.pem
-
Now, go to ConsoleOne and open the ICS container for your iChain server, and open the certificate.
-
Under the Certificates tab, click on Import. Then choose Read from File, and find the new ¶ºÒõ¹Ýbundle.pem certificate you created.
-
Hit Next. Choose Read from File, and browse to your ¶ºÒõ¹Ý SSL certificate (your_domain_name.crt), then click Finish.
If you get an error stating that the certificate's subject does not match the object's subject, do the following:
Accept the certificate.
On the iChain server click on Apply. This will install the certificate, but give you an error 1240. Now open the accelerator for the website you're securing. In the Certificate drop-down menu (in the Secure Exchange area), the certificate should be available. Select it, click OK and Apply.
Refresh the Management display if it does not do so automatically. The site is now secured.
Installing your SSL Certificates in Novell IChain Server
How to install your Digital SSL Certificate.