Results 1 to 9 of 9

Thread: Export a Private key from SUSE Linux

  1. #1

    Question Export a Private key from SUSE Linux

    Hi Guys,

    I need to export a private key so I can import it in to another suse linux server so I can use the same GoDaddy certificate with my DataSync.

    How would I do it?

    Cheers

    John

  2. #2

    Re: Export a Private key from SUSE Linux

    Quote Originally Posted by jbrines View Post
    Hi Guys,

    I need to export a private key so I can import it in to another suse linux server so I can use the same GoDaddy certificate with my DataSync.

    How would I do it?

    Cheers

    John
    Hi John,

    Do you mean you already have a certificate running on another (SLES) server that you want to reuse on the other (DataSync) server?

    Where is your current certificate running now? (Apache/Tomcat) ...and what OS?

    Cheers,
    Willem
    Knowledge Partner (voluntary sysop)
    ---
    If you find a post helpful and are logged into the web interface,
    please show your appreciation and click on the star below it. Thanks!

  3. #3

    Re: Export a Private key from SUSE Linux

    Quote Originally Posted by Magic31 View Post
    Hi John,

    Do you mean you already have a certificate running on another (SLES) server that you want to reuse on the other (DataSync) server?

    Where is your current certificate running now? (Apache/Tomcat) ...and what OS?

    Cheers,
    Willem
    Hi Willem,

    yes that is the case, GoDaddy told us that we have to export the private key and then import it in to the other SLES server.

    The Certificate is appache and runnling SLES 11

    Cheers

    John.

  4. Re: Export a Private key from SUSE Linux

    John,

    if you're talking about the certificate you're using to run your own HTTPS server, then check the config file of your Apache server (probably /etc/apache2/vhosts.d/ssl.conf) for the "SSLCertificateFile" and "SSLCertificateKeyFile" statements - the former points to the currently used public certificate file of your server, the latter to the corresponding private key file. There's no need to "export" that key - you can simply copy the file(s) to the new server and adjust the SSL configuration there accordingly.

    Typically, the certificate is bound to the DNS name of the service, as used by the client to connect to the server. But I assume that you are moving the https service from one machine to the other and will change the DNS entry (or NAT entry or whatever) to set that straight.

    Regards,
    Jens

  5. #5

    Re: Export a Private key from SUSE Linux

    Quote Originally Posted by jmozdzen View Post
    John,

    if you're talking about the certificate you're using to run your own HTTPS server, then check the config file of your Apache server (probably /etc/apache2/vhosts.d/ssl.conf) for the "SSLCertificateFile" and "SSLCertificateKeyFile" statements - the former points to the currently used public certificate file of your server, the latter to the corresponding private key file. There's no need to "export" that key - you can simply copy the file(s) to the new server and adjust the SSL configuration there accordingly.

    Typically, the certificate is bound to the DNS name of the service, as used by the client to connect to the server. But I assume that you are moving the https service from one machine to the other and will change the DNS entry (or NAT entry or whatever) to set that straight.

    Regards,
    Jens
    Hi Jens,

    We have two SLES servers both running Groupwise datasync, we want to run both of them for a while so as to make sure that everything is working fine before rebuilding the older one.

    So basically I copy the file to the newer server and do I have to import it in after I have edited it?

    If so how do I import it?

    Cheers

    John.

  6. #6

    Re: Export a Private key from SUSE Linux

    Quote Originally Posted by jbrines View Post
    Hi Jens,

    We have two SLES servers both running Groupwise datasync, we want to run both of them for a while so as to make sure that everything is working fine before rebuilding the older one.

    So basically I copy the file to the newer server and do I have to import it in after I have edited it?

    If so how do I import it?

    Cheers

    John.
    Hi John,

    What Jens mentions is correct where Apache is concerned.

    With Novell DataSync the main certificate you are after is the one used to have your devices sync with. This is held in the mobility.pem file found under /var/lib/datasync/device/.

    Just copy that mobility.pem file over to the new server, restart the datasync services or mobility connector - and both servers will be running with the same certificate.

    Important thing is that when devices are connecting to the old/new Mobility/DataSync server, they are doing so using the CN as specified in the certificate. Otherwise the certificate will still be seen as invalid.

    Cheers,
    Willem
    Knowledge Partner (voluntary sysop)
    ---
    If you find a post helpful and are logged into the web interface,
    please show your appreciation and click on the star below it. Thanks!

  7. Re: Export a Private key from SUSE Linux

    Willem,

    thanks for jumping in - I have absolutely *no* experience with Groupwise... and just jumped on the Apache hint in the answer to your first question:

    > The Certificate is appache and runnling SLES 11

    Luckily this is a forum so such misunderstandings get corrected quickly :-)

    Regards,
    Jens

  8. #8

    Re: Export a Private key from SUSE Linux

    Quote Originally Posted by Magic31 View Post
    Hi John,

    What Jens mentions is correct where Apache is concerned.

    With Novell DataSync the main certificate you are after is the one used to have your devices sync with. This is held in the mobility.pem file found under /var/lib/datasync/device/.

    Just copy that mobility.pem file over to the new server, restart the datasync services or mobility connector - and both servers will be running with the same certificate.

    Important thing is that when devices are connecting to the old/new Mobility/DataSync server, they are doing so using the CN as specified in the certificate. Otherwise the certificate will still be seen as invalid.

    Cheers,
    Willem
    Hi Willem,

    I did what you suggested but that didn't seem to work as we got an 0x80072f7d error, that is why we contacted GoDaddy and they told up about exporting from old server and importing to the new one.

    I will give it another go and see if it works.

    John.

  9. #9

    Re: Export a Private key from SUSE Linux

    Quote Originally Posted by jbrines View Post
    Hi Willem,

    I did what you suggested but that didn't seem to work as we got an 0x80072f7d error, that is why we contacted GoDaddy and they told up about exporting from old server and importing to the new one.

    I will give it another go and see if it works.

    John.
    Hmmm... I could be making an error there, as the difference could be that the key file was generated on anther server (the original one). From my thinking the mobility.pem file should contain the original key file (with or without password) + server cert + root CA + intermediates.

    I'll give this a try with a test server.

    Curious, when having transferred the mobility.pem & restarting the service/connector on DataSync. Have you tried opening an browser on a workstation and point it to https://<your datasync servers.domain.com>. Is the browser also throwing an error and/or do you at least get an option to look at the certificate the server is presenting to your browser?

    -Willem
    Knowledge Partner (voluntary sysop)
    ---
    If you find a post helpful and are logged into the web interface,
    please show your appreciation and click on the star below it. Thanks!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •