Installing an SSL certificate on Novell iChain

Part one: Download and save your certificates

1. Open the email we sent you, that contains the certificate for your domain name.

2. Copy the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

3. Paste the certificate into a blank document in a text editor. Use an editor that will not add characters, such as TextPad.

4. Save the document. We recommend that you name it YourDomainName.crt and save it in your Web server's default directory for SSL certificates.

   We recommend that you also back up your certificate on another computer or storage device.

5. Confirm which certificate you purchased, and determine which set of Root and Intermediate certificates to download.

   To confirm which certificate you purchased, review your order confirmation.

   • If you purchased SBS Instant, download set A below.

   • If you purchased SBS Secure or Secure Plus, download set B below.

   A -- SBS Instant

   • Instant Validation SBS Intermediate 2 CA
   • Instant Validation AddTrust Intermediate 1 CA
   • Instant Validation UTN Global Root CA

   -OR-

   B -- SBS Secure and Secure Plus

   • Full Validation Intermediate CA
   • Full Validation AddTrust Root CA

6. Download the Root-Intermediate set for your domain name certificate. To download, right-click each certificate file name and select Save Target As.

   Save the Root and Intermediate certificates to the same directory where you saved the certificate for your domain name.

Part two: Build your certificate chain

In order for visitors' browsers to recognize your certificate as authentic and trustworthy, you must install it with the Intermediate and Root certificates that tie it to its issuing Certification Authority. The following procedure builds a chain from the individual Intermediate and Root certificates.

1. Open the lowest-ranking Intermediate certificate in Notepad. For SBS Instant, this is *Intermediate2CA.crt; for SBS Secure or Secure Plus, it's *Intermediate3.crt.
2. Open a blank document in a text editor and paste the contents of the Intermediate certificate.
3. If you purchased SBS Instant, copy and paste the contents of *Intermediate1CA.crt below *Intermediate2CA.crt.
4. Open the Root certificate in and copy the entire contents.

5. Paste the contents of the Root certificate into the new text document below the Intermediate certificate(s).

   Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, separate one cert from the next with a single CRLF, and make sure no extra characters are added.

   For example, if you purchased SBS Instant, your certificate chain will look like this:

   -----BEGIN CERTIFICATE-----
   InstantValidationSBSIntermediate2CA.crt
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
   InstantValidationAddTrustUTNServerIntermediate1CA.crt
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
   InstantValidationUTN-USERFirst-HardwareGlobalRoot.crt
   -----END CERTIFICATE-----

6. Save the new certificate chain as SBSCertChain.pem.

Part three: Install your certificate on newer versions of Novell iChain

1. Open the Store Certificates window in iChain.
2. In a text editor, open the certificate chain that you built.
3. Copy and paste the certificate chain into the CA Certificates Content text box.
4. In a text editor, open the certificate for your domain name.
5. Copy and paste the contents of your domain certificate into the Server Certificate Contents text box.
6. Click Create.

Part three (alternate): Install your certificates on older versions of Novell iChain

1. Open ConsoleOne and open the ICS container for the iChain server.

2. Open the certificate.

   

3. Click the Certificates tab and then click Import.

   

4. Click Read from file and browse to the certificate chain you built.
5. Click Next.
6. Click Read from file and browse to the certificate for your domain name or paste it into the window supplied.

7. Click Finish to install the certificate.

   You may get an error stating that the subject in the certificate does not match the subject in the object (CSR). This is due to additional OUs in the certificate. Accept the certificate anyway.

   If a validation is attempted on the certificate in ConsoleOne it will produce an error stating Unable to validate the certificate chain to a root certificate.

8. On the iChain server click Apply.

   The certificate will be installed but will display a warning stating -1240 Certificate failed parsing - may need external certificate.

9. Open the accelerator for the Web site. The Certificate dropdown item in the Secure Exchange portion will now have the certificate available. Select the new certificate, click OK and then Apply.

   When the Management display is refreshed the Web site will be secured with the new certificate.