Nortel Networks NN42030-300 CA root certificate distribution, Cd /opt/SQmobilityGW/tomcat/conf

Page 41

Manage TLS certificates 41

/usr/java/jdk1.5.0_03/bin/keytool -storepasswd -new <new_password> -storepass <od_password> -keystore /opt/SQMobilityGW

where

<old_password> is the existing keystore password. <new_password> is your chosen password.

4Change the working directory:

cd /opt/SQmobilityGW/tomcat/conf/

5Open the server.xml file using an available editor (for example, vi).

6Locate the following default line:

clientAuth="false" sslProtocol="TLS" key storeFile="/opt/SQMobilityGW/.keystore" keypass="firsthand"

7Change keypass="firsthand" to keypass="<new_passwo rd>" .

where

<new_password> is the password entered in the keytool command.

8Save and close the server.xml file.

9Restart the service:

sudo /sbin/service mobilitygw restart

--End--

CA root certificate distribution

You must ensure the CA root certificate is installed (in DER format) on all mobile client devices that register with the MCG 3100 Server. Depending on which CA you choose, the root certificates are preinstalled or you distribute the root certificates to the clients for manual installation.

Various methods of root certificate distribution are available. Typically, the administrator e-mails the root certificate to the mobile client users who need it (Windows Mobile Single Mode and Nokia clients). The users must install the certificate on their devices.

After the user installs the root certificate, the mobile client communicates with the MCG 3100 using TLS security.

Nortel Mobile Communication 3100 Series Portfolio

Nortel Mobile Communication Gateway 3100 Installation and Upgrades

NN42030-300 02.03 Standard

9 May 2008

Copyright © 2007, 2008 Nortel Networks

Image 41

Contents NN42030-300 Legal Notice Contents System software maintenance Copyright 2007, 2008 Nortel Networks Copyright 2007, 2008 Nortel Networks Other changes FeaturesNew in this release Revision history How to get help Getting help through a Nortel distributor or reseller Subject IntroductionConventions Intended audienceText conventions cont’d Related informationTerminology NTPs Introduction MCG 3100 server components FundamentalsOverview Software components Hardware requirements SpecificationHardware components Installation overview Installation optionsOverview of the MC 3100 installation Fundamentals Linux base installation PreinstallationEnterprise network veriﬁcation PreinstallationSupported Ldap servers Preinstallation Nonredundant and redundant server implementations InstallationNonredundant server option Redundant server optionRules for redundant server implementations Software installationProcedure Installing the MCG 3100 software Appinstall End MCG 3100 Web Console logon PostinstallationProcedure Logging on to the MCG 3100 Web Console MCG 3100 parameter conﬁguration Procedure Conﬁguring the MCG 3100 parametersMCG 3100 configuration parameter fields Field Description Postinstallation License ﬁle Procedure Adding a license ﬁleError Licence ﬁle troubleshootingEnroll with a Certificate Authority Manage TLS certiﬁcatesCertificate Signing Request generation Procedure Generating a CSR To generate the CSR, enter Firsthand Procedure Obtaining a signed TLS certificateSigned TLS certificate CA root and intermediate certificates Procedure Obtaining a CA root or intermediate certificateUsr/java/jdk1.5.003/bin/keytool -import Root and signed certificate installationProcedure Installing the root and signed certiﬁcates Change the keystore default password Viewing the contents of the keystoreCd /opt/SQmobilityGW/tomcat/conf Sudo /sbin/service mobilitygw restartCA root certificate distribution Click File Manager Procedure Installing a root certificate on a Nokia deviceManage TLS certificates Postinstallation Procedure Upgrading the MCG 3100 system software from CD System software maintenanceSystem software upgrades System software maintenance PM EST Sudo /opt/mobilitybase-2.1-XX/postpatch.sh Procedure Removing an SUSudo /opt/mobilitybase-2.1-XX/postunpatch.sh System software uninstallationProcedure Uninstalling the MCG 3100 system software Admin shell accessShell commands Sudo /sbin/service mobilitygw stop Sudo /sbin/service mobilitygw startSudo /sbin/service mobilityadmin start Sudo /sbin/service mobilityadmin stopRoot 9498 9367 0 1402 pts/0 000000 grep SQMobilityGW Procedure Checking the Gateway Server processesProcedure Checking the Administration Server processes Root 9542 9367 0 1404 pts/0 000000 grep SQMobilityAdminProcedure Restoring the databases Mysqldump --opt --all-databases backup.sqlProcedure Backing up the databases To start the server processes, enter System software maintenance Port usage page 57 lists the port usage details for MCG Appendix a Port numbers and protocolsTCP JVM Usr/java/jdk1.5.003/bin/keytool -genkey Procedure Generating self-signed certiﬁcatesAppendix B Self-signed certiﬁcate generation Days. Nortel recommends using a value 3650 Index Copyright 2007, 2008 Nortel Networks Page Nortel Mobile Communication 3100 Series Portfolio