Article Content
Article Number | 000025831 |
Applies To | Sun Solaris 2.8 iPlanet Directory Server |
Issue | How to migrate certificate and key from OpenSSL format to iPlanet cert7.db and key3.db Needs help installing the server certificate in iPlanet Migrating certificate into iPlanet Directory Server |
Cause | Since the private key is not stored in the iPlanet certificate and key database, the iPlanet Console will not allow you to install the certificate |
Resolution | Below are the steps to convert the certificate from and OpenSSL request to iPlanet: 1. Start with a PEM encoded certificate file and a PEM encoded private key file 2. Convert the two PEM-encoded files to a single pkcs12 file: openssl pkcs12 -export -in path/to/file.crt -inkey /path/to/file.key -out /path/to/file.p12 -name "fqdn.hostname.com" -nodes 3. Convert p12 file to iPlanet cert7.db and key3.db files: pk12util -i /path/to/file.p12 -d /directory/to/output/db/files/ 4. Move the cert7.db and key3.db files to the iPlanet Directory Server; replace the slapd-instance_name-cert7.db and slapd-instance_name-key3.db 5. Restart iPlanet Directory Server instance |
Legacy Article ID | a17746 |