000025831 - How to migrate certificate and key from OpenSSL format to iPlanet cert7.db and key3.db

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025831
Applies ToSun Solaris 2.8
iPlanet Directory Server
IssueHow to migrate certificate and key from OpenSSL format to iPlanet cert7.db and key3.db
Needs help installing the server certificate in iPlanet
Migrating certificate into iPlanet Directory Server
CauseSince the private key is not stored in the iPlanet certificate and key database, the iPlanet Console will not allow you to install the certificate
ResolutionBelow are the steps to convert the certificate from and OpenSSL request to iPlanet:

1. Start with a PEM encoded certificate file and a PEM encoded private key file

2. Convert the two PEM-encoded files to a single pkcs12 file:
        openssl pkcs12 -export -in path/to/file.crt -inkey /path/to/file.key -out /path/to/file.p12 -name "fqdn.hostname.com" -nodes

3. Convert p12 file to iPlanet cert7.db and key3.db files:
        pk12util -i /path/to/file.p12 -d /directory/to/output/db/files/

4. Move the cert7.db and key3.db files to the iPlanet Directory Server; replace the slapd-instance_name-cert7.db and slapd-instance_name-key3.db

5. Restart iPlanet Directory Server instance
Legacy Article IDa17746

Attachments

    Outcomes