Signed TLS certificate, Firsthand | Nortel Networks NN42030-300

Manage TLS certificates 37

firsthand

The CSR text appears as in the following example:

Sample CSR text

-----BEGIN NEW CERTIFICATE REQUEST-----

MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4G A1UEChs4lBMHQ XJpem9uYTENA1UEBxMETWVzYTEf MB0GA1UEChMWTWVs3XbnzYSBDb 21tdW5pdHkgQ2 9sbGVnZTEA1UEAxMTd3d3Lm1jLm1hcmljb3BhLmV kdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQDRNU6 xslWjG41163gA rsj/P108sFmjkjzMuUUFYbmtZX4 RFxf/U7cZZdMagz4IMmY0F9cdp DLTAutULTsZKD cLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLg fmBVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J 0vauJ5VkjXz 9aevJ8dzx37ir3P4XpZ+NFxK1R=

-----END NEW CERTIFICATE REQUEST-----

12Copy the entire CSR text, including -----BEGIN NEW CERTIFICATE REQUEST-----and -----END NEW CERTIFICATE REQUEST-----and save it as a text file, for example CSR.txt.

13Store the CSR text file in a safe location.

You require the CSR text file to request a signed TLS certificate from the CA.

--End--

Signed TLS certificate

You must obtain a signed TLS certificate from the CA and install it in your keystore. To obtain the signed TLS certificate from the CA, follow the steps in Procedure 6 “Obtaining a signed TLS certificate” (page 37). Before you begin, ensure that you have access to the CSR file that you saved in Procedure 5 “Generating a CSR” (page 35) Step 12.

Procedure 6

Obtaining a signed TLS certificate

Step Action

1Using the certificate management tool provided by your CA, access the prompt or Web page where you request certificates.

2If you receive a prompt to specify the server type, select Apache.

3At the prompt or Web page, paste the entire CSR text, including

-----BEGIN NEW CERTIFICATE REQUEST----- and

-----END NEW CERTIFICATE REQUEST-----.

Nortel Mobile Communication 3100 Series Portfolio

Nortel Mobile Communication Gateway 3100 Installation and Upgrades

NN42030-300 02.03 Standard

9 May 2008

Copyright © 2007, 2008 Nortel Networks

Image 37

Nortel Networks NN42030-300 manual Signed TLS certificate, Firsthand, Procedure Obtaining a signed TLS certificate

Contents

NN42030-300 Legal Notice Contents System software maintenance Copyright 2007, 2008 Nortel Networks Copyright 2007, 2008 Nortel Networks New in this release FeaturesOther changes Revision history How to get help Getting help through a Nortel distributor or reseller Subject IntroductionConventions Intended audience Terminology Related informationText conventions cont’d NTPs Introduction Overview FundamentalsMCG 3100 server components Hardware components Hardware requirements SpecificationSoftware components Overview of the MC 3100 installation Installation optionsInstallation overview Fundamentals Linux base installation Preinstallation Enterprise network veriﬁcation Preinstallation Supported Ldap servers Preinstallation Nonredundant and redundant server implementations InstallationNonredundant server option Redundant server option Procedure Installing the MCG 3100 software Software installationRules for redundant server implementations Appinstall End Procedure Logging on to the MCG 3100 Web Console PostinstallationMCG 3100 Web Console logon MCG 3100 parameter conﬁguration Procedure Conﬁguring the MCG 3100 parameters MCG 3100 configuration parameter fields Field Description Postinstallation License ﬁle Procedure Adding a license ﬁle Error Licence ﬁle troubleshooting Enroll with a Certificate Authority Manage TLS certiﬁcates Certificate Signing Request generation Procedure Generating a CSR To generate the CSR, enter Signed TLS certificate Procedure Obtaining a signed TLS certificateFirsthand CA root and intermediate certificates Procedure Obtaining a CA root or intermediate certificate Procedure Installing the root and signed certiﬁcates Root and signed certificate installationUsr/java/jdk1.5.003/bin/keytool -import Change the keystore default password Viewing the contents of the keystore CA root certificate distribution Sudo /sbin/service mobilitygw restartCd /opt/SQmobilityGW/tomcat/conf Click File Manager Procedure Installing a root certificate on a Nokia device Manage TLS certificates Postinstallation System software upgrades System software maintenanceProcedure Upgrading the MCG 3100 system software from CD System software maintenance PM EST Sudo /opt/mobilitybase-2.1-XX/postpatch.sh Procedure Removing an SU Sudo /opt/mobilitybase-2.1-XX/postunpatch.sh System software uninstallation Shell commands Admin shell accessProcedure Uninstalling the MCG 3100 system software Sudo /sbin/service mobilitygw stop Sudo /sbin/service mobilitygw startSudo /sbin/service mobilityadmin start Sudo /sbin/service mobilityadmin stop Root 9498 9367 0 1402 pts/0 000000 grep SQMobilityGW Procedure Checking the Gateway Server processes Procedure Checking the Administration Server processes Root 9542 9367 0 1404 pts/0 000000 grep SQMobilityAdmin Procedure Backing up the databases Mysqldump --opt --all-databases backup.sqlProcedure Restoring the databases To start the server processes, enter System software maintenance Port usage page 57 lists the port usage details for MCG Appendix a Port numbers and protocols TCP JVM Appendix B Self-signed certiﬁcate generation Procedure Generating self-signed certiﬁcatesUsr/java/jdk1.5.003/bin/keytool -genkey Days. Nortel recommends using a value 3650 Index Copyright 2007, 2008 Nortel Networks Page Nortel Mobile Communication 3100 Series Portfolio