Confusion over SSL certs for SLES OES
On a SLES 11 SP3 with OES11 SP2 server, if I use Yast, go to ‘Security and Users’ then choose ‘CA Management’ and enter the CA, I can see when the CA will expire. There is also a ‘Certificates’ option. When I look at this option I will see a certificate associated with the DNS name of the host.
If I back out of the CA to ‘Security and Users’ there is another option called ‘Common Server Certificate’. What is this certificate for?
Some of my hosts don’t show anything for the 'Common Server Certificate' while others have a certificate. Why?
How do the above certificates relate to what I see in iManager when I go to ‘NetIQ Certificate Access -Server Certificates’? Under there I can see up to 4 certificates which are:
What does it mean if I don’t have all of these in iManager?
In iManager, if I run the “NetIQ Certificate Server - Repair Default Certificates”, it looks like is rebuilds the “DNS_AG_server.domain.edu” and the “SSL_CertificateDNS” but not the “IP_AG_ipaddress” or the “SSL_CertificateIP”, why not?
After rebuilding the certs in iManager and checking to see that they are valid, if I re-launch Yast and look for the DNS name server certificate in the CA - it still shows expired. If I look at the Common Server Certificate, there still is none. Why does iManager now say the certs are valid but I don’t see that in Yast?