SSL/TLS CA certificate management no longer available after upgrade from SLES 11 SP4 to SLES 15

This document (000019721) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server SLES 15 SP3
SUSE Linux Enterprise Server SLES 15 SP2
SUSE Linux Enterprise Server SLES 15 SP1
SUSE Linux Enterprise Server SLES 15
SUSE Linux Enterprise Server SLES 11 SP4

Situation

After upgrade to SLES 15, the YaST Certificate Management Module is no longer available.

Resolution

You can use openssl via command line directly or use different software to manage CA certificates.

XCA is a opensource tool for certificate management. It is available in:

SLE 15 SP3 within the Server Applications module.
SLE 15 SP2 within the Package Hub.

You can find the package and example syntax to add the respective module or product with the command:

 zypper search-packages xca

For older SPx of SLE 15, you can obtain xca from SUSE's Open Build Service at this link.
https://software.opensuse.org/package/xca

Install with (example for SLES 15 SP1) :

zypper addrepo https://download.opensuse.org/repositories/security/SLE_15_SP1/security.repo
zypper refresh
zypper install xca

Cause

The YaST Certificate Management Module is discontinued and has been removed.

Additional Information

It is possible to import the CA, certificates and keys in XCA.
The path to find the YaST default CA, certificates and keys on the system are :

Type	Path
CA certificate	/var/lib/CAM/YaST_Default_CA/cacert.pem
CA key	/var/lib/CAM/YaST_Default_CA/cacert.key
certificate(s)	/var/lib/CAM/YaST_Default_CA/certs/.pem*
certificate key(s)	/var/lib/CAM/YaST_Default_CA/keys/.key*

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.