Nortel Networks NN42030-300 manual Signed TLS certificate, Firsthand

Page 37

Manage TLS certificates 37

firsthand

The CSR text appears as in the following example:

Sample CSR text

-----BEGIN NEW CERTIFICATE REQUEST-----

MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4G A1UEChs4lBMHQ XJpem9uYTENA1UEBxMETWVzYTEf MB0GA1UEChMWTWVs3XbnzYSBDb 21tdW5pdHkgQ2 9sbGVnZTEA1UEAxMTd3d3Lm1jLm1hcmljb3BhLmV kdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQDRNU6 xslWjG41163gA rsj/P108sFmjkjzMuUUFYbmtZX4 RFxf/U7cZZdMagz4IMmY0F9cdp DLTAutULTsZKD cLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLg fmBVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J 0vauJ5VkjXz 9aevJ8dzx37ir3P4XpZ+NFxK1R=

-----END NEW CERTIFICATE REQUEST-----

12Copy the entire CSR text, including -----BEGIN NEW CERTIFICATE REQUEST-----and -----END NEW CERTIFICATE REQUEST-----and save it as a text file, for example CSR.txt.

13Store the CSR text file in a safe location.

You require the CSR text file to request a signed TLS certificate from the CA.

--End--

Signed TLS certificate

You must obtain a signed TLS certificate from the CA and install it in your keystore. To obtain the signed TLS certificate from the CA, follow the steps in Procedure 6 “Obtaining a signed TLS certificate” (page 37). Before you begin, ensure that you have access to the CSR file that you saved in Procedure 5 “Generating a CSR” (page 35) Step 12.

Procedure 6

Obtaining a signed TLS certificate

Step Action

1Using the certificate management tool provided by your CA, access the prompt or Web page where you request certificates.

2If you receive a prompt to specify the server type, select Apache.

3At the prompt or Web page, paste the entire CSR text, including

-----BEGIN NEW CERTIFICATE REQUEST----- and

-----END NEW CERTIFICATE REQUEST-----.

Nortel Mobile Communication 3100 Series Portfolio

Nortel Mobile Communication Gateway 3100 Installation and Upgrades

NN42030-300 02.03 Standard

9 May 2008

Copyright © 2007, 2008 Nortel Networks

Image 37

Contents NN42030-300 Legal Notice Contents System software maintenance Copyright 2007, 2008 Nortel Networks Copyright 2007, 2008 Nortel Networks New in this release FeaturesOther changes Revision history How to get help Getting help through a Nortel distributor or reseller Subject IntroductionConventions Intended audienceTerminology Related informationText conventions cont’d NTPs Introduction Overview FundamentalsMCG 3100 server components Hardware components Hardware requirements SpecificationSoftware components Overview of the MC 3100 installation Installation optionsInstallation overview Fundamentals Linux base installation PreinstallationEnterprise network veriﬁcation PreinstallationSupported Ldap servers Preinstallation Nonredundant and redundant server implementations InstallationNonredundant server option Redundant server optionProcedure Installing the MCG 3100 software Software installationRules for redundant server implementations Appinstall End Procedure Logging on to the MCG 3100 Web Console PostinstallationMCG 3100 Web Console logon MCG 3100 parameter conﬁguration Procedure Conﬁguring the MCG 3100 parametersMCG 3100 configuration parameter fields Field Description Postinstallation License ﬁle Procedure Adding a license ﬁleError Licence ﬁle troubleshootingEnroll with a Certificate Authority Manage TLS certiﬁcatesCertificate Signing Request generation Procedure Generating a CSR To generate the CSR, enter Signed TLS certificate Procedure Obtaining a signed TLS certificateFirsthand CA root and intermediate certificates Procedure Obtaining a CA root or intermediate certificateProcedure Installing the root and signed certiﬁcates Root and signed certificate installationUsr/java/jdk1.5.003/bin/keytool -import Change the keystore default password Viewing the contents of the keystoreCA root certificate distribution Sudo /sbin/service mobilitygw restartCd /opt/SQmobilityGW/tomcat/conf Click File Manager Procedure Installing a root certificate on a Nokia deviceManage TLS certificates Postinstallation System software upgrades System software maintenanceProcedure Upgrading the MCG 3100 system software from CD System software maintenance PM EST Sudo /opt/mobilitybase-2.1-XX/postpatch.sh Procedure Removing an SUSudo /opt/mobilitybase-2.1-XX/postunpatch.sh System software uninstallationShell commands Admin shell accessProcedure Uninstalling the MCG 3100 system software Sudo /sbin/service mobilitygw stop Sudo /sbin/service mobilitygw startSudo /sbin/service mobilityadmin start Sudo /sbin/service mobilityadmin stopRoot 9498 9367 0 1402 pts/0 000000 grep SQMobilityGW Procedure Checking the Gateway Server processesProcedure Checking the Administration Server processes Root 9542 9367 0 1404 pts/0 000000 grep SQMobilityAdminProcedure Backing up the databases Mysqldump --opt --all-databases backup.sqlProcedure Restoring the databases To start the server processes, enter System software maintenance Port usage page 57 lists the port usage details for MCG Appendix a Port numbers and protocolsTCP JVM Appendix B Self-signed certiﬁcate generation Procedure Generating self-signed certiﬁcatesUsr/java/jdk1.5.003/bin/keytool -genkey Days. Nortel recommends using a value 3650 Index Copyright 2007, 2008 Nortel Networks Page Nortel Mobile Communication 3100 Series Portfolio