Appendix: Advanced Security

11. Double-click the padlock icon. Internet Explorer should warn you that the certificate is unsigned. However, it should no longer display a message that indicates the certificate does not match the web server name.

Tip: If you do get a warning that the certificate does not match, check that the Common Name matches the URL. Double-click the padlock, select the Details tab, and click the Subject line. This displays the Common Name.

Generating a Certificate Signing Request

You need a Certificate Signing Request (CSR) as the first step of the signing process. When you have it, paste it into the Certificate Authority's web page. To generate a CSR:

1. Re-run the keytool command:

/javadirectory/bin/keytool -certreq -keystore keystore.jks -alias tomcat

2. Enter the password - which is Contact5tor3.

3. Copy and paste the output into the CA's web page. (Include the BEGIN and END lines.)

4. Complete the verification process.

5. Reply to the verification emails and other verification steps until you obtain a signed certificate back from the CA.

Importing the CA's certificates

Before you can import your certificate reply, you need to import the certificate authority's root certificate and any intermediate certificates between their root and your certificate.

To acquire these certificates:

1. Download these certificates from the certificate authority's website.

2. Save the root as rcert.crt and any intermediate as icert.crt. If you have more than one intermediate certificate, give them separate filenames.

To import all your certificates:

1. Import the root certificate by running keytool:

/javadirectory/bin/keytool -import -keystore keystore.jks -alias root -file rcert.crt

2. Enter the password - which is Contact5tor3.

3. Import the intermediate (if required).

/javadirectory/bin/keytool -import -keystore keystore.jks -alias inter -file icert.crt

If you have more than one intermediate certificate, import them as inter1, etc.

4. Import your signed certificate.

5. Save the file the CA sent as cert.crt.

6. Import with the keytool.

/javadirectory/bin/keytool -import -keystore keystore.jks -alias tomcat -file cert.crt

7. Restart the Verint ContactStore for Communication Manager service.

8. Access the administration pages using https.

9. Double-click the padlock icon and ensure that Internet Explorer no longer displays a message that the certificate is unsigned.
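
The following pre-import check is an added example, not part of the original manual. It confirms that cert.crt chains to rcert.crt through icert.crt, that it certifies the public key in your CSR, and that its Common Name matches the server name, before you run keytool -import. It assumes openssl is installed and that the CSR was saved to a file; the host name and the demo certificates are constructed for the example.

```shell
#!/bin/sh
# Pre-import check for a CA reply. rcert.crt, icert.crt and cert.crt are the
# page's file names; the saved CSR file and the host name are assumptions.

# check_reply ROOT INTERMEDIATE CERT CSR HOST   (pass "" if no intermediate)
# Returns 0 = safe to import, 1 = broken chain, 2 = wrong key, 3 = wrong name.
check_reply() {
    root=$1 inter=$2 cert=$3 csr=$4 host=$5
    # 1. The reply must chain to the root through the downloaded intermediate.
    openssl verify -CAfile "$root" ${inter:+-untrusted "$inter"} "$cert" 2>/dev/null \
        | grep -q ': OK$' || { echo "chain incomplete for $cert"; return 1; }
    # 2. The reply must certify the key in the CSR, i.e. the keystore's own key.
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
      "$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)" ] \
        || { echo "certificate key differs from CSR key"; return 2; }
    # 3. The Common Name must equal the host name in the URL (see the Tip).
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline \
        | sed -n 's/^ *commonName *= //p')
    [ "$cn" = "$host" ] || { echo "Common Name '$cn' is not '$host'"; return 3; }
    echo "OK to import $cert"
}

# make_demo_chain DIR HOST: constructed root -> intermediate -> server chain,
# standing in for the files a real CA would send. Test material only.
make_demo_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root inter leaf; do
        case $n in leaf) cn=$2 ;; *) cn="Demo $n CA" ;; esac
        openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
            -out "$d/$n.csr" -subj "/CN=$cn" 2>/dev/null
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -set_serial 1 \
        -extfile "$d/ca.ext" -days 2 -out "$d/rcert.crt" 2>/dev/null
    openssl x509 -req -in "$d/inter.csr" -CA "$d/rcert.crt" -CAkey "$d/root.key" \
        -set_serial 2 -extfile "$d/ca.ext" -days 2 -out "$d/icert.crt" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/icert.crt" -CAkey "$d/inter.key" \
        -set_serial 3 -days 2 -out "$d/cert.crt" 2>/dev/null
}

# Demo run on the constructed chain (recorder.example.test is a made-up name).
demo=$(mktemp -d)
make_demo_chain "$demo" recorder.example.test
check_reply "$demo/rcert.crt" "$demo/icert.crt" "$demo/cert.crt" \
    "$demo/leaf.csr" recorder.example.test
```

Return code 1 when the intermediate is left out is the same condition that makes the keytool import of cert.crt fail to establish a chain, which is why the root and intermediates are imported first.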

Backing up the keystore file

The keystore file now contains:

the random private key that is unique to this web server

the signed certificate you just paid for

IP Office ContactStore 7.8

Page 79

IP Office

15-601038 Issue 4b (06 July 2009)
