Create SSL on iPlanet

Guide on making certificate key & SSL database for iPlanet

 

this is based on Linux installed Oracle iPlanet Web Server version 7.0

 

Find the configuration file folder

cd ~/iPlanetHomeDirectory/https-instance_name/config/

 

List the certificates installed in the directory

certutil -L -d . 

 

Read the current SSL parameters from above list

certutil -L -d . -n “certificateName”

 

*There can only be one database per directory!

 

 

Here’s how we are going to create a new database set

 

Make a new directory

mkdir newcert

 

Change directory to the new directory we created

cd newcert

 

Creating new database on current directory

certutil -N -d .

 

Creating new CSR file for new SSL

certutil -R -d . -g 2048 -Z SHA256 -a -o site.csr -s ‘C=CA,ST=Ontario, L=Mississauga, O=Organization, CN=blog.marvins.work’

 

C stands for country

ST stands for state

L stands for local a.k.a. city

O stands for organization

CN stands for comman name a.k.a. domain name

 

Purchasing SSL certificate from certificate authority (CA)

upload the new CSR you created above and receive CRT

 

To install signed CRT certificate

 

Go to the target directory where database is stored

cd newcert

 

Add the new SSL into the database

certutil -A -n CertName -t ‘,,’ -d . -a -i signedcertificate.cert

 

Note

Make sure the server.xml file is pointing to the new SSL database directory, and reload the web instance to update the new SSL go effective. Make sure the name you given on above “CertName” matches the configuration files.