Procedure Generating a CSR | Nortel Networks NN42030-300 manual

Manage TLS certificates 35

A keystore is a file that can contain trusted certificates and combinations of private keys with their corresponding certificates. The information within the keystore is organized by alias, for example:

•tomcat (required): stores the public/private key pair and the Signed TLS Certificate from the CA

•root (required): stores the CA root certificate information

•intermediate (required for some CAs): stores the CA intermediate certificate information

Procedure 5

Generating a CSR

Step Action

1At the MCG 3100 Server, log on to the server as nortel.

2To become the superuser, enter the following command: su

3To change to the certificate keystore directory, enter: cd /opt/SQMobilityGW

4To delete the default keystore, enter: rm .keystore

5To generate a certificate keystore and private key, enter:

/usr/java/jdk1.5.0_03/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore

6At the prompt, enter the password for the keystore: firsthand

The default password for the keystore is firsthand. If you want to change the default password, you must modify the

.xml configuration file for the MCG 3100 Server. For more information, see “Change the keystore default password” (page 40).

7Enter the following information as required by the CA:

•First and last name—the Common Name of the keystore. Use the host name (including domain name) of the server as the common name (cn). For example: mg.mydomain.com

Nortel Mobile Communication 3100 Series Portfolio

Nortel Mobile Communication Gateway 3100 Installation and Upgrades

NN42030-300 02.03 Standard

9 May 2008

Copyright © 2007, 2008 Nortel Networks

Image 35

Nortel Networks NN42030-300 manual Procedure Generating a CSR

Contents

NN42030-300 Legal Notice Contents System software maintenance Copyright 2007, 2008 Nortel Networks Copyright 2007, 2008 Nortel Networks Other changes FeaturesNew in this release Revision history How to get help Getting help through a Nortel distributor or reseller Intended audience IntroductionSubject Conventions Text conventions cont’d Related informationTerminology NTPs Introduction MCG 3100 server components FundamentalsOverview Software components Hardware requirements SpecificationHardware components Installation overview Installation optionsOverview of the MC 3100 installation Fundamentals Linux base installation Preinstallation Enterprise network veriﬁcation Preinstallation Supported Ldap servers Preinstallation Redundant server option InstallationNonredundant and redundant server implementations Nonredundant server option Rules for redundant server implementations Software installationProcedure Installing the MCG 3100 software Appinstall End MCG 3100 Web Console logon PostinstallationProcedure Logging on to the MCG 3100 Web Console MCG 3100 parameter conﬁguration Procedure Conﬁguring the MCG 3100 parameters MCG 3100 configuration parameter fields Field Description Postinstallation License ﬁle Procedure Adding a license ﬁle Error Licence ﬁle troubleshooting Enroll with a Certificate Authority Manage TLS certiﬁcates Certificate Signing Request generation Procedure Generating a CSR To generate the CSR, enter Firsthand Procedure Obtaining a signed TLS certificateSigned TLS certificate CA root and intermediate certificates Procedure Obtaining a CA root or intermediate certificate Usr/java/jdk1.5.003/bin/keytool -import Root and signed certificate installationProcedure Installing the root and signed certiﬁcates Change the keystore default password Viewing the contents of the keystore Cd /opt/SQmobilityGW/tomcat/conf Sudo /sbin/service mobilitygw restartCA root certificate distribution Click File Manager Procedure Installing a root certificate on a Nokia device Manage TLS certificates Postinstallation Procedure Upgrading the MCG 3100 system software from CD System software maintenanceSystem software upgrades System software maintenance PM EST Sudo /opt/mobilitybase-2.1-XX/postpatch.sh Procedure Removing an SU Sudo /opt/mobilitybase-2.1-XX/postunpatch.sh System software uninstallation Procedure Uninstalling the MCG 3100 system software Admin shell accessShell commands Sudo /sbin/service mobilityadmin stop Sudo /sbin/service mobilitygw startSudo /sbin/service mobilitygw stop Sudo /sbin/service mobilityadmin start Root 9498 9367 0 1402 pts/0 000000 grep SQMobilityGW Procedure Checking the Gateway Server processes Procedure Checking the Administration Server processes Root 9542 9367 0 1404 pts/0 000000 grep SQMobilityAdmin Procedure Restoring the databases Mysqldump --opt --all-databases backup.sqlProcedure Backing up the databases To start the server processes, enter System software maintenance Port usage page 57 lists the port usage details for MCG Appendix a Port numbers and protocols TCP JVM Usr/java/jdk1.5.003/bin/keytool -genkey Procedure Generating self-signed certiﬁcatesAppendix B Self-signed certiﬁcate generation Days. Nortel recommends using a value 3650 Index Copyright 2007, 2008 Nortel Networks Page Nortel Mobile Communication 3100 Series Portfolio