Novell iMANAGER 2.7, Руководство по установке, Страница: 12 / 30

12 Novell iManager 2.7 Installation Guide
n
ov
do
cx (e
n)
22
Ju
n
e 20
09
The same eDirectory tree can be managed with iManager 2.7, iManager 2.6 and iManager 2.5. Your
RBS Collection(s) should be updated for iManager 2.7. The updated RBS Collection(s) will
maintain backward compatibility with iManager 2.6 and 2.5.
1.2 Prerequisites
You must satisfy the following prerequisites in order to install and use either iManager or iManager
Workstation. These prerequisites apply to all server platforms. Additional platform-specific
prerequisites are listed by platform in
Section 1.5, “Installing a New Version of iManager,” on
page 15 .
‰ eDirectory Management: iManager 2.7 can manage any server running Novell eDirectory
8.7.3 or later.
‰
Admin-Equivalent Rights: You must have admin-equivalent rights for the creation of a Role-
Based Services (RBS) collection in the eDirectory tree, and to run the iManager RBS
Configuration Wizard.
‰
File System Rights: You must have root access for Linux servers; admin access for NetWare
servers; or Administrator access for Windows servers.
1.3 Self-Signed Certificates
NOTE: The information in this section does not apply to OES Linux or OES NetWare, which
installs both Tomcat and Apache. The OES Linux documentation includes information about
replacing the self-signed Apache/Tomcat certificate.
Standalone iManager installations include a temporary, self-signed certificate for use by Tomcat. It
has an expiration date of one year.
This is not intended to be a long-term implementation. It is a temporary solution to get your system
up and running so you can securely use iManager immediately following installation. OpenSSL
does not recommend using self-signed certificates except for testing purposes.
One challenge to replacing the self-signed certificate is that Tomcat’s default keystore uses is in
Tomcat {JKS} format file. The tool used to modify this keystore,
keytool
, cannot import a private
key. It will only use a self-generated key.
If you are using eDirectory, you can use Novell Certificate Server to securely generate, track, store
and revoke certificates with no further investment. To generate a public/private key pair in
eDirectory using Novell Certificate Server, complete the following steps for your applicable
platform:
1.3.1 Linux
The following instructions show how to create a keypair in eDirectory and export the Public, Private
and Root Certificate Authority (CA) keys via a PKCS#12 file on the Linux platform. This includes
modifying Tomcat's
server.xml
configuration file in order to use the PKCS12 directive and point
the configuration to an actual P12 file rather than use the default JKS keystore.
The files associated with this process are as follows:
Š
The temporary keypair is held in the
/var/opt/novell/novlwww/.keystore
file.