Renew SSL on iPlanet

, , , , , 0

Here’s the guide on how to renew SSL on iPlanet web server

 

this is based on Linux installed Oracle iPlanet Web Server version 7.0

 

Find the configuration file folder

cd ~/iPlanetHomeDirectory/https-instance_name/config/

 

List the certificates installed in the directory

certutil -L -d . 

 

Read the current SSL parameters from above list

certutil -L -d . -n “certificateName”

 

*There can only be one database per directory!

 

Export the certificate using name from above list

pk12util -o /root/certificateNameToBeSaved.p12 -d . -n “certificateName”

 

Pulling the key out of the current (exported) certificate

openssl pkcs12 -in /root/certificateNameToBeSaved.p12 -out /root/certificateNameToBeSaved.key -nocerts -nodes

 

Make new csr file to renew from certificate authority (CA)

openssl req -new -key /root/certificateNameToBeSaved.key -out certificateToBeSaved.csr

 

Go to the certificate authority (CA) and complete the purchase!

 

Install the new certificate via iPlanet Web GUI

-click set passwords under certificates to list all

-click install and put in the new cer received

-make sure to deploy and check the 2nd option to save previous work done

 

How to make pem certificate

pk12util -o /root/certificateNameToBeSaved.p12 -d . -n “certificateName” ” (pulling after applying)

openssl pkcs12 -in /root/certificateToBeExported.p12 -out certificateName.pem

 

How to make pfx certificate

openssl pkcs12 -inkey certificateKey.key -in certificate.cer -export -out newCertificate.pfx

 

How to convert certificate from p12 format to pem format

openssl pkcs12 -in certificate.p12 -out certificate_exported.pem

 

How to convert pem certificate to p12 format

openssl pkcs12 -export -out certificate_exported.p12 -in certificate.pem -inkey certificateKey.key

 

How to convert certificate from pem format to pfx format

Option #1

openssl pkcs12 -export -out certificate_exported.pfx -inkey server.key -in server.crt -certfile IntermediateCA.crt

 

Option #2

openssl pkcs12 -inkey certificate_exported.pem -in certificate_x509_format.txt -export -out certificate_exported.pfx