Datasheet

“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 632 — #658

Note

You can select any storage location in the ﬁle system. This option

can also be used to save CA objects on a USB stack as transport

medium for example.

Note

Exporting Certiﬁcates to Floppy

YaST also allows certiﬁcates (but not CAs or CRLs) to be exported to a

ﬂoppy. The point of this option is the convenient transport of server cer-

tiﬁcates from an isolated CA computer to a server that should use these

certiﬁcates. This YaST function is the counterpart of a special YaST module

that only serves to import certiﬁcates exported in this way onto the server

(see the next section).

For ﬂoppy export, ﬁrst enter the CA containing the certiﬁcates to export

and select ‘Certiﬁcates’. Select the required certiﬁcate in the list and export

it with ‘Export’ ➝ ‘Export to Floppy’. The next dialog asks you to insert

a ﬂoppy and enter the new PKCS12 password. After you click ‘Next’, the

certiﬁcate is written to the ﬂoppy.

Importing General Server Certiﬁcates

If you have exported a server certiﬁcate to ﬂoppy on an isolated CA man-

agement computer with YaST, you can import this certiﬁcate on a server as

a general server certiﬁcate. Do this during installation or at a later point with

the YaST module ‘Import General Server Certiﬁcate’ in the YaST control

center under ‘Security and Users’. The general server certiﬁcate is stored in

/etc/ssl/servercerts and can be used there by any CA-supported

service. When this certiﬁcate lapses, it can easily be replaced using the

same mechanisms. The only remaining administrative effort required is

the restart of the participating services.

After the module has been started, see the data for the current certiﬁcate in

the description ﬁeld. For import, select ‘Import’ ➝ ‘From Floppy’ and insert

the appropriate ﬂoppy. After entering the certiﬁcate password and clicking

‘Next’, the certiﬁcate is imported then displayed in the description ﬁeld.

632 26.1. X.509 Certiﬁcation with YaST