Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 833

42.2.7 Exporting CA Objects as a File
If you have set up a repository on the computer for administering CAs, you can use this
option to create the CA objects directly as a file at the correct location. Different output
formats are available, such as PEM, DER, and PKCS12. In the case of PEM, it is also
possible to choose whether a certificate should be exported with or without key and
whether the key should be encrypted. In the case of PKCS12, it is also possible to export
the certification path.
Export a file in the same way for certificates, CAs, and CRLs as with LDAP, described
in Section 42.2.6, "Exporting CA Objects to LDAP "
select Export as File instead of Export to LDAP. This then takes you to a dialog for
selecting the required output format and entering the password and filename. The cer-
tificate is stored at the required location after you click OK.
TIP
You can select any storage location in the file system. This option can also be
used to save CA objects on a transport medium, such as a USB stick. The
/media directory generally holds any type of drive except the hard drive of
your system.
42.2.8 Importing Common Server
Certificates
If you have exported a server certificate with YaST to your media on an isolated CA
management computer, you can import this certificate on a server as a common server
certificate. Do this during installation or at a later point with YaST.
NOTE
You need one of the PKCS12 formats to import your certificate successfully.
The general server certificate is stored in /etc/ssl/servercerts and can be used
there by any CA-supported service. When this certificate expires, it can easily be replaced
using the same mechanisms. To get things functioning with the replaced certificate,
restart the participating services.
(page 813), except you should
Managing X.509 Certification 815