Avaya 7.8 manual Installing a Signed SSL Certificate, Selecting a Certificate Authority CA

9.5.3 Installing a Signed SSL Certificate

If you want to install your own SSL certificate, you must replace the certificate distributed with the application. Your replacement certificate must be specific to your installed server.

Selecting a Certificate Authority (CA)

If you do not already use a certificate authority, you can use:

∙http://www.freessl.com/starterssl/starterssl.html - FreeSSL requires that the web server has a fully qualified domain name (e.g. contactrecorder.bigcorp.com or contactrecorder.division.bigcorp.com) and needs to be able to send an email to an address like ssladmin@bigcorp.com or administrator@division.bigcorp.com. The list of addresses can be found on their website, and it includes admin, ssladmin, root, and administrator.

∙http://www.instantssl.com - InstantSSL is more flexible and allows intranet addresses (such as WINS names and IP addresses) as well as fully qualified domain names.

Backing up the Keystore file

In the instructions which follow, replace <installdir> with the location into which you installed Verint ContactStore for Communication Manager.

The certificates and keys are stored beneath your installation folder in the file:

/opt/witness/keystore/keystore.jks

Because this file contains the original, distributed certificate, it is important to make a backup of it. You will delete this file during the remaining steps. Should it be necessary to restore the original certificate, you can copy the backup to the original filename.

Creating the new Certificate

If you would like to test this implementation, you can practice this procedure with a certificate authority's 30-day trial certificate. Then, to implement real certificates, you can start over from this point.

To create a certificate:

1.Create a new certificate with the real URL of the Verint ContactStore for Communication Manager.

2.Log onto the server and change directory as follows:

cd /opt/witness/keystore

3.Remove the original keystore file

rm keystore.jks

4.Run the java keytool utility with

/javadirectory/bin/keytool -genkey -keystore keystore.jks -alias tomcat -keyalg RSA

5.Fill in the Keytool prompts with the following:

Password: Contact5tor3

∙Note: You must type this password, exactly as shown. It is case sensitive.

a. First & Last Name: enter the FQDN, IP address or intranet name

b. Organizational Unit: enter your division

c. Organization: enter your company name

d. City/Location: enter your location

e. State/Province: enter your state

f. Country Code: enter the ISO 2 letter code for your country (for example, GB is the code for United Kingdom)

6.Enter yes if the information is correct.

7.Hit enter when prompted for the second password.

8.Restart the Verint ContactStore for Communication Manager service.

9.Access the Administration pages via https.

10.Check that the certificate matches the information entered.