Nortel Networks NN42030-300 manual Manage TLS certificates, Enroll with a Certificate Authority

Table 5
Common server license status errors (cont’d.)

| Server License Status | Issue description | Resolution |
| --- | --- | --- |
| ERROR 103: Client’s system clock is suspect and/or the client configuration has been tampered with. | This error indicates that the system clock was changed after a previous activation. | Reset the system clock and restart. |
| ERROR 17: key limit exceeded | This error indicates that the license file that you provided was activated before on another machine and there is no seat available for you to activate. | Contact Nortel. |
ATTENTION

If you start the MCG 3100 for the very first time without a valid license, errors occur until you upload a valid license and restart the server. You must always restart the MCG 3100 after you add or modify the license file.

Manage TLS certificates

A Public Key Infrastructure (PKI) uses Transport Layer Security (TLS) certificates to provide server authentication and private communication. With a PKI, the communication between the mobile clients and the MCG 3100 server is secure.

Perform the following tasks to configure the PKI:

Enroll with a Certificate Authority (CA).

Generate a Certificate Signing Request (CSR).

Obtain a signed TLS certificate.

Obtain the CA root certificate, intermediate certificate, or both as required by the CA.

Install the root or intermediate (or both as required by the CA) and signed certificates.

Distribute the CA root certificate.
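
A check worth running between obtaining the certificates and installing them, shown here as an added example that is not part of the Nortel manual: confirm that the signed certificate carries the public key from your own CSR and that it chains to the root (and intermediate, if any) you are about to install and distribute. It assumes the `openssl` command-line tool is available, which this page does not name; the function names, file names and throwaway demo PKI are constructed for illustration.

```shell
#!/bin/sh
# Pre-install checks on the files a CA returns (added example).
# All file names and the demo PKI below are constructed for illustration.

# check_ca_reply ROOT CERT CSR [INTERMEDIATE]
# Returns 0 = safe to import, 1 = certificate does not match our CSR,
#         2 = chain does not validate, 3 = unreadable input.
check_ca_reply() {
    root=$1 cert=$2 csr=$3 inter=${4:-}
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 3
    # The signed certificate must carry the public key from our own CSR,
    # otherwise it will not pair with the private key held on the server.
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ] || return 1
    # The certificate must chain to the root we intend to install and
    # distribute; the intermediate is supplied only if the CA uses one.
    if [ -n "$inter" ]; then
        openssl verify -CAfile "$root" -untrusted "$inter" "$cert" >/dev/null 2>&1 || return 2
    else
        openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1 || return 2
    fi
    return 0
}

# make_demo_pki DIR: build a throwaway root CA, two keys with CSRs
# ("server" and an unrelated "other"), and a signed certificate for "server".
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    for n in server other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$n.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/server.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null
}

# Stand-alone use: sh check.sh root.pem server.pem server.csr [intermediate.pem]
if [ "$#" -ge 3 ]; then
    check_ca_reply "$@"
    exit $?
fi
```

A return code of 1 usually means the CA reply belongs to a different request; a return code of 2 usually means the wrong root or a missing intermediate.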

Enroll with a Certificate Authority

Some CAs, such as VeriSign or Entrust, charge a fee for their services. Others, such as CACert or RapidSSL, provide free or low-cost solutions. As an alternative to using a commercial CA, you can build your own. For example, Microsoft Exchange Server includes tools that enable you to build a CA server that is exclusive to your organization.

Nortel Mobile Communication 3100 Series Portfolio

Nortel Mobile Communication Gateway 3100 Installation and Upgrades

NN42030-300 02.03 Standard

9 May 2008

Copyright © 2007, 2008 Nortel Networks
