Manage TLS certificates 39

4Save both formats of the certificate to a directory location that is accessible from the MCG 3100 Server.

--End--

Root and signed certificate installation

The keystore must contain the following certificates:

the CA root or intermediate certificate (or both as required by the CA) in TXT format

your signed TLS certificate

Procedure 8 “Installing the root and signed certificates” (page

39)describes the steps to import the certificates. You must know the root password to perform the following procedure. Root certificate files require Read and Write permissions for the user nortel.

ATTENTION

The root certificates for some well-known CAs (such as Verisign and Entrust) are preinstalled on the server and many client devices. If you receive a message stating that a certificate is already installed, select Yes to replace it, or No to use the existing certificate.

Procedure 8

Installing the root and signed certificates

Step Action

1At the MCG 3100 Server, log on to the server as nortel.

2Change to the certificate keystore directory: cd /opt/SQMobilityGW

3If the CA requires a root certificate, import it (in TXT format):

/usr/java/jdk1.5.0_03/bin/keytool -import

-trustcacerts -keystore .keystore -alias root -file <absolute_path_root_certificate_file>

4If the CA requires an intermediate certificate, import it (in TXT format):

/usr/java/jdk1.5.0_03/bin/keytool -import -trustcacerts -keystore .keystore -alias intermediate

-file <absolute_path_intermediate_cert_file>

5Import the signed TLS certificate:

/usr/java/jdk1.5.0_03/bin/keytool -import

-trustcacerts -keystore .keystore -alias tomcat -file <absolute_path_signed_certificate_file>

Nortel Mobile Communication 3100 Series Portfolio

Nortel Mobile Communication Gateway 3100 Installation and Upgrades

NN42030-300 02.03 Standard

9 May 2008

Copyright © 2007, 2008 Nortel Networks

Page 39
Image 39
Nortel Networks NN42030-300 manual Root and signed certificate installation, Usr/java/jdk1.5.003/bin/keytool -import