Recreating Certificates on OES, migrating to a new server, and checking status (in a nutshell)
Author Info
3 October 2012 – 11:25am
Submitted by: shawniverson2
Preparation
Step 1 — Become One with Your Environment
Understand and document your environment.
i.e. IP Addressing, services running on old server, eDirectory structure, etc.
This information is different in every environment.
Step 2 — Be Your Environment
Fully back up your current environment.
These steps vary depending on your backup solution.
Step 3 — Focus and Meditate on Your Environment
Practice with OES in a test environment first until you are comfortable. A good technique is to restore/clone your current environment into a sandbox, snapshot it, and practice upgrading until you get it right. This is also a good way to verify that restores from backup will work as well 😉
Again, steps here vary depending on your backup and cloning solution.
Execution
Step 1 — Where’s my CA?
Make sure you know where your Certificate Authority is located.
A quick way to determine which server is the CA is to go to iManager –> Novell Certificate Server –> Configure Certificate Authority
Look at the host server entry.
Step 2 — Is my CA valid?
iManager –> Novell Certificate Server –> Configure Certificate Authority –> Certificates –> Check each cert and click Validate
If your CA certs are not valid, you will need to fix this before proceeding as you will not be able to generate server certificates.
The procedure to fix this problem is to recreate your CA and generate new CA certificates.
See How do I move the Organizational CA to another server? under Option II for more information.
Step 3 — Are my server certs valid?
iManager –> Novell Certificate Access –> Server Certificates
Use the magnifying glass to select your server and validate your certificates.
Step 4 — Recreating server certs (if not valid)
I highly recommend this procedure. OES scatters the certificates all over the place for many services. Updating them in eDirectory/iManager is not enough! Why not let this script do it for you?
Certificate Re-creation Script for OES1, OES2 and OES 11
Step 5 — Migrating to a new server
Two methods generally exist for this. Transfer ID and Server Consolidation. Your path will depend on your unique situation and requirements.
The Migration Tool Administration Guide from Novell is your friend. Download the guide from Novell for you particular version of OES.
Note from step 1: If the server you are migrating from is your CA, you’ll need to migrate the CA as well! This is not covered in the guide!
See How do I move the Organizational CA to another server? Option I for more information.
Step 6 — Checking status
Checking status will depend on what services you are running on your server.
Tip 1: Check running services
Using service servicename status or rcservicename status will tell you if a service is running.
(Look in /etc/init.d for a full list of services on your server. Note that some services may be disabled.)
Tip 2: Check your logs
OES scatters logs all over the place. Here are some common places.
/var/log
/var/opt/novell/log/servicename
/var/opt/novell/servicename/log
Tip 3: Monitor your server using top for CPU, Process, and Memory in realtime
Tip 4: Use Remote Manager
Tip 5: Use iMonitor for eDirectory health
Tip 6: Monitor disk usage
Use df -h from a shell/terminal for a quick glance
Step 7 — Download the Docs for More Information
Novell keeps extensive documentation on OES on nearly every topic related to OES. Get your copy of the documentation!
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don’t even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published “as is.” It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.