Export a Tree's CA for use in external systems

* The SSLCertificateFile will be public-key.pem
* The SSLCertifiacteKeyFile will be private-key-nopassphrase.pem

(:div style="border-style:ridge; border-width:2px; background-color:#ffffcc; margin-left:50px; overflow:auto; width:650px; height:250px;":)

(:div style="border-style:ridge; border-width:2px; background-color:#ffffcc; margin-left:50px; overflow:auto; width:650px; height:200px;":)

# On the Linux workstation, open the OpenSSL command line and perform the following tasks: (assuming that the pfx file is in the users home directory)
(:div style="border-style:ridge; border-width:2px; background-color:#ffffcc; margin-left:50px; overflow:auto; width:650px; height:100px;":)
[@
user@user-sled10:~> openssl
OpenSSL> pkcs12 -in cert.pfx -nocerts -out private-key.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
OpenSSL> pkcs12 -in cert.pfx -clcerts -nokeys -out public-key.pem
Enter Import Password:
MAC verified OK
OpenSSL> rsa -in private-key.pem -out private-key-nopassphrase.pem
Enter pass phrase for private-key.pem:
writing RSA key
OpenSSL> exit
user@user-sled10:~>
@]
(:divend:)
When using Apache:
The SSLCertificateFile will be public-key.pem
The SSLCertifiacteKeyFile will be private-key-nopassphrase.pem

(:title Export a Tree's CA for use in external systems:)

Most things within Novell are pretty straightforward, but this task is one of the hardest I have come across in a while. Like most things, it is easy once you know how to do it, but finding the documentation is a pain in the hole.

# What you need to do is first Export the Organizational CA from the Tree using iManager or Console One. Be sure to check "Export Private Key" and "Include all certificates in the certification path is available"
# Save the exported file (cert.pfx) to a Linux Workstation with OpenSSL installed (it is normally installed by default)
# On the Linux workstation, open the OpenSSL command line and perform the following tasks: