Hi Guys,
I need to export a private key so I can import it in to another suse linux server so I can use the same GoDaddy certificate with my DataSync.
How would I do it?
Cheers
John
[QUOTE=jbrines;3133]Hi Guys,
I need to export a private key so I can import it in to another suse linux server so I can use the same GoDaddy certificate with my DataSync.
How would I do it?
Cheers
John[/QUOTE]
Hi John,
Do you mean you already have a certificate running on another (SLES) server that you want to reuse on the other (DataSync) server?
Where is your current certificate running now? (Apache/Tomcat) …and what OS?
Cheers,
Willem
[QUOTE=Magic31;3147]Hi John,
Do you mean you already have a certificate running on another (SLES) server that you want to reuse on the other (DataSync) server?
Where is your current certificate running now? (Apache/Tomcat) …and what OS?
Cheers,
Willem[/QUOTE]
Hi Willem,
yes that is the case, GoDaddy told us that we have to export the private key and then import it in to the other SLES server.
The Certificate is appache and runnling SLES 11
Cheers
John.
John,
if you’re talking about the certificate you’re using to run your own HTTPS server, then check the config file of your Apache server (probably /etc/apache2/vhosts.d/ssl.conf) for the “SSLCertificateFile” and “SSLCertificateKeyFile” statements - the former points to the currently used public certificate file of your server, the latter to the corresponding private key file. There’s no need to “export” that key - you can simply copy the file(s) to the new server and adjust the SSL configuration there accordingly.
Typically, the certificate is bound to the DNS name of the service, as used by the client to connect to the server. But I assume that you are moving the https service from one machine to the other and will change the DNS entry (or NAT entry or whatever) to set that straight.
Regards,
Jens
[QUOTE=jmozdzen;3189]John,
if you’re talking about the certificate you’re using to run your own HTTPS server, then check the config file of your Apache server (probably /etc/apache2/vhosts.d/ssl.conf) for the “SSLCertificateFile” and “SSLCertificateKeyFile” statements - the former points to the currently used public certificate file of your server, the latter to the corresponding private key file. There’s no need to “export” that key - you can simply copy the file(s) to the new server and adjust the SSL configuration there accordingly.
Typically, the certificate is bound to the DNS name of the service, as used by the client to connect to the server. But I assume that you are moving the https service from one machine to the other and will change the DNS entry (or NAT entry or whatever) to set that straight.
Regards,
Jens[/QUOTE]
Hi Jens,
We have two SLES servers both running Groupwise datasync, we want to run both of them for a while so as to make sure that everything is working fine before rebuilding the older one.
So basically I copy the file to the newer server and do I have to import it in after I have edited it?
If so how do I import it?
Cheers
John.
[QUOTE=jbrines;3193]Hi Jens,
We have two SLES servers both running Groupwise datasync, we want to run both of them for a while so as to make sure that everything is working fine before rebuilding the older one.
So basically I copy the file to the newer server and do I have to import it in after I have edited it?
If so how do I import it?
Cheers
John.[/QUOTE]
Hi John,
What Jens mentions is correct where Apache is concerned.
With Novell DataSync the main certificate you are after is the one used to have your devices sync with. This is held in the mobility.pem file found under /var/lib/datasync/device/.
Just copy that mobility.pem file over to the new server, restart the datasync services or mobility connector - and both servers will be running with the same certificate.
Important thing is that when devices are connecting to the old/new Mobility/DataSync server, they are doing so using the CN as specified in the certificate. Otherwise the certificate will still be seen as invalid.
Cheers,
Willem
Willem,
thanks for jumping in - I have absolutely no experience with Groupwise… and just jumped on the Apache hint in the answer to your first question:
The Certificate is appache and runnling SLES 11
Luckily this is a forum so such misunderstandings get corrected quickly 
Regards,
Jens
[QUOTE=Magic31;3195]Hi John,
What Jens mentions is correct where Apache is concerned.
With Novell DataSync the main certificate you are after is the one used to have your devices sync with. This is held in the mobility.pem file found under /var/lib/datasync/device/.
Just copy that mobility.pem file over to the new server, restart the datasync services or mobility connector - and both servers will be running with the same certificate.
Important thing is that when devices are connecting to the old/new Mobility/DataSync server, they are doing so using the CN as specified in the certificate. Otherwise the certificate will still be seen as invalid.
Cheers,
Willem[/QUOTE]
Hi Willem,
I did what you suggested but that didn’t seem to work as we got an 0x80072f7d error, that is why we contacted GoDaddy and they told up about exporting from old server and importing to the new one.
I will give it another go and see if it works.
John.
[QUOTE=jbrines;3216]Hi Willem,
I did what you suggested but that didn’t seem to work as we got an 0x80072f7d error, that is why we contacted GoDaddy and they told up about exporting from old server and importing to the new one.
I will give it another go and see if it works.
John.[/QUOTE]
Hmmm… I could be making an error there, as the difference could be that the key file was generated on anther server (the original one). From my thinking the mobility.pem file should contain the original key file (with or without password) + server cert + root CA + intermediates.
I’ll give this a try with a test server.
Curious, when having transferred the mobility.pem & restarting the service/connector on DataSync. Have you tried opening an browser on a workstation and point it to https://. Is the browser also throwing an error and/or do you at least get an option to look at the certificate the server is presenting to your browser?
-Willem