Export a Private key from SUSE Linux

jbrines
16-Mar-2012, 11:53
Hi Guys,

I need to export a private key so I can import it into another SUSE Linux server so I can use the same GoDaddy certificate with my DataSync.

How would I do it?

Cheers

John

Magic31
16-Mar-2012, 14:44
Hi John,

Do you mean you already have a certificate running on another (SLES) server that you want to reuse on the other (DataSync) server?

Where is your current certificate running now? (Apache/Tomcat) ...and what OS?

Cheers,
Willem

jbrines
16-Mar-2012, 14:52
Hi Willem,

Yes, that is the case. GoDaddy told us that we have to export the private key and then import it into the other SLES server.

The certificate is Apache and running SLES 11

Cheers

John.

jmozdzen
18-Mar-2012, 15:55
John,

if you're talking about the certificate you're using to run your own HTTPS server, then check the config file of your Apache server (probably /etc/apache2/vhosts.d/ssl.conf) for the "SSLCertificateFile" and "SSLCertificateKeyFile" statements - the former points to the currently used public certificate file of your server, the latter to the corresponding private key file. There's no need to "export" that key - you can simply copy the file(s) to the new server and adjust the SSL configuration there accordingly.

Typically, the certificate is bound to the DNS name of the service, as used by the client to connect to the server. But I assume that you are moving the https service from one machine to the other and will change the DNS entry (or NAT entry or whatever) to set that straight.

Regards,
Jens

jbrines
19-Mar-2012, 08:57
Hi Jens,

We have two SLES servers both running Groupwise datasync, we want to run both of them for a while so as to make sure that everything is working fine before rebuilding the older one.

So basically I copy the file to the newer server and do I have to import it in after I have edited it?

If so how do I import it?

Cheers

John.

Magic31
19-Mar-2012, 10:20
Hi John,

What Jens mentions is correct where Apache is concerned.

With Novell DataSync the main certificate you are after is the one used to have your devices sync with. This is held in the mobility.pem file found under /var/lib/datasync/device/.

Just copy that mobility.pem file over to the new server, restart the datasync services or mobility connector - and both servers will be running with the same certificate.

Important thing is that when devices are connecting to the old/new Mobility/DataSync server, they are doing so using the CN as specified in the certificate. Otherwise the certificate will still be seen as invalid.

Cheers,
Willem

jmozdzen
19-Mar-2012, 10:36
Willem,

thanks for jumping in - I have absolutely *no* experience with Groupwise... and just jumped on the Apache hint in the answer to your first question:

> The certificate is Apache and running SLES 11

Luckily this is a forum so such misunderstandings get corrected quickly :-)

Regards,
Jens

jbrines
19-Mar-2012, 16:56
Hi Willem,

I did what you suggested but that didn't seem to work as we got a 0x80072f7d error, that is why we contacted GoDaddy and they told us about exporting from the old server and importing to the new one.

I will give it another go and see if it works.

John.

Magic31
19-Mar-2012, 19:02
Hmmm... I could be making an error there, as the difference could be that the key file was generated on another server (the original one). From my thinking the mobility.pem file should contain the original key file (with or without password) + server cert + root CA + intermediates.

I'll give this a try with a test server.

Curious: after transferring the mobility.pem and restarting the service/connector on DataSync, have you tried opening a browser on a workstation and pointing it to https://<your datasync servers.domain.com>? Is the browser also throwing an error, and/or do you at least get an option to look at the certificate the server is presenting to your browser?

-Willem
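
The check discussed in the last posts (does the copied mobility.pem actually hold a private key together with the certificate it belongs to), as an added example that is not part of the original thread. The helper name `check_pem_bundle` is hypothetical; it assumes the `openssl` command-line tool is installed, the key is not passphrase-protected, and the server certificate is the first certificate in the file.

```shell
#!/bin/sh
# Added example (not from the thread): verify a combined PEM file after copying it.
# check_pem_bundle is a hypothetical helper name; requires the openssl CLI.
# Assumes an unencrypted key and that the server certificate comes first.
check_pem_bundle() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Count PEM blocks by label; "|| true" because grep -c exits 1 on zero matches.
    keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    echo "private keys: $keys, certificates: $certs"
    if [ "$keys" -lt 1 ] || [ "$certs" -lt 1 ]; then
        echo "bundle must hold a private key and at least one certificate" >&2
        return 1
    fi

    # Subject (CN) and expiry of the first certificate in the file.
    openssl x509 -in "$pem" -noout -subject -enddate || return 1

    # The key belongs to the certificate only if both yield the same public key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does NOT match the first certificate" >&2
        return 1
    fi
    echo "private key matches the first certificate"
}

# Example: sh check.sh /var/lib/datasync/device/mobility.pem
if [ "$#" -gt 0 ]; then
    check_pem_bundle "$1"
fi
```

Running it against the file on both servers and comparing the printed subject shows whether the new server is presenting the same certificate and whether the CN matches the name the devices connect to.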