SSL Problems....
Hey All,
I am stuck with setting up SSL for Calendar 6. When I start, I get an error saying it can't find the cert:
General Error: SSL initialization error: Didn't find certificate "cert name" (-8129)
but certutil -L -d dbdir shows the cert there. Got a test cert from Thawte. Not sure where to look from here. Any help would be greatly appreciated.
Thanks
# 2
Just found the problem with the SSL for Calendar Server on Windows. Maybe this will fix your problem too. Basically you have to copy and edit the sslpassword.conf file and then use it before Calendar Server deletes it. Try these steps for the Windows version of JES to set up certs using OpenSSL.
1. Copy the "sslpassword.conf" from the "config-template" folder to the "config" folder.
2. Edit it so it ONLY contains your SSL password.
3. Create your SSL database:
"\sun\share\bin\certutil -N -d \sun\calendarserver\alias -f \sun\calendarserver\bin\config\sslPassword.conf"
4. Request a cert to be signed by your own CA (need to have previously set up your CA using OpenSSL) or another authority
"\sun\share\bin\certutil -R -n "Server-Cert" -s "CN=test.domain.com,O=organization,C=US,ST=Iowa,L=Des Moines,OU=IT" -p "515-xxx-xxxx" -m 25000 -o \temp\cal-newreq.pem -d \sun\calendarserver\alias -f \sun\calendarserver\bin\config\sslPassword.conf -z \Sun\CalendarServer\bin\config\calendarserver.properties -a"
5. Get it signed by your CA or another authority, example:
"openssl> ca -out \temp\cal-newcert.pem -config \openssl\bin\openssl.cnf -infiles \temp\cal-newreq.pem"
6. Import the signed cert:
"\sun\share\bin\certutil -A -n "Server-Cert" -t "u,u,u" -d \sun\calendarserver\alias -a -i \temp\cal-newcert.pem -f \sun\calendarserver\bin\config\sslPassword.conf"
7. Import the CA cert:
"\sun\share\bin\certutil -A -n "myCA" -t "TCu,TCu,TCuw" -d \sun\calendarserver\alias -a -i \temp\cacert.pem -f \sun\calendarserver\bin\config\sslPassword.conf"
8. Edit your ics.conf file (i.e. the items in the SSL section plus three other lines near the RSA stuff).
9. Start calendar server. Note, the sslpassword.conf file disappears. Don't know why, but it works.
# 4
Here's some additional info. I made the SSL work as noted above on my test server, but not with my production server (or soon to be). Go figure. To make it work on my production server, I had to move my "alias" directory to the "bin" folder and then change the following in my ics.conf file.
! Physical path location for the SSL Certificate Database
!! service.http.ssl.certdb.path = "C:/Sun/CalendarServer/alias"
service.http.ssl.certdb.path = "alias"
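Added example, not part of any post above: a small preflight check for the two things the replies changed, namely which directory service.http.ssl.certdb.path resolves to and whether sslPassword.conf holds only the password. It assumes that a relative path is resolved from the server's bin folder (as reply # 4 implies), that the last assignment in ics.conf wins, and that the install layout is C:\Sun\CalendarServer; the function names are hypothetical.

```python
import ntpath  # Windows path rules, so the check also runs on a non-Windows admin host

def parse_ics_conf(text):
    """Return active key/value pairs; lines starting with '!' are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip().strip('"')  # assumed: last assignment wins
    return conf

def resolve_certdb(conf, bin_dir):
    """Directory the server would open, assuming a relative value starts at bin_dir."""
    value = conf.get("service.http.ssl.certdb.path")
    if value is None:
        return None
    if not ntpath.isabs(value):
        value = ntpath.join(bin_dir, value)
    return ntpath.normcase(ntpath.normpath(value))

def same_db(certutil_dir, resolved):
    """True when the directory given to certutil -d is the one the server would open."""
    return ntpath.normcase(ntpath.normpath(certutil_dir)) == resolved

def password_file_problems(text):
    """Step 2 of the procedure: the file must hold the password and nothing else."""
    lines = [l for l in text.splitlines() if l.strip()]
    if not lines:
        return ["file is empty"]
    if len(lines) > 1:
        return ["%d non-blank lines; expected only the password" % len(lines)]
    return []

# Constructed sample input, modelled on the ics.conf lines quoted in the thread.
SAMPLE_ICS = '''
! Physical path location for the SSL Certificate Database
!! service.http.ssl.certdb.path = "C:/Sun/CalendarServer/alias"
service.http.ssl.certdb.path = "alias"
'''
BIN_DIR = r"C:\Sun\CalendarServer\bin"  # assumed install layout

if __name__ == "__main__":
    db = resolve_certdb(parse_ics_conf(SAMPLE_ICS), BIN_DIR)
    print("server opens:", db)
    print("matches certutil -d:", same_db(r"C:\Sun\CalendarServer\alias", db))
    print("password file:", password_file_problems("# template\nsecret\n") or "ok")
```

A mismatch reported by same_db means certutil -L was listing a database other than the one the server would open under these assumptions.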