Bob Brandt's Projects Site | Novell / Export a Tree's CA for use in external systems

Most things within Novell are pretty straightforward, but this task is one of the hardest I have come across in a while. Like most things, it is easy once you know how to do it, but finding the documentation is a pain in the hole.

What you need to do is first Export the Organizational CA from the Tree using iManager or Console One. Be sure to check "Export Private Key" and "Include all certificates in the certification path is available"
Save the exported file (cert.pfx) to a Linux Workstation with OpenSSL installed (it is normally installed by default)
On the Linux workstation, open the OpenSSL command line and perform the following tasks: (assuming that the pfx file is in the users home directory)

user@user-sled10:~> openssl
OpenSSL> pkcs12 -in cert.pfx -nocerts -out private-key.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
OpenSSL> pkcs12 -in cert.pfx -clcerts -nokeys -out public-key.pem
Enter Import Password:
MAC verified OK
OpenSSL> rsa -in private-key.pem -out private-key-nopassphrase.pem
Enter pass phrase for private-key.pem:
writing RSA key
OpenSSL> exit

When using Apache:

The SSLCertificateFile will be public-key.pem
The SSLCertifiacteKeyFile will be private-key-nopassphrase.pem

From Bob Brandt's Projects Site

Novell: Export a Tree's CA for use in external systems