4
Root and signed certificate installation
The keystore must contain the following certificates:
•
•
Procedure 8 "Installing the root and signed certificates" (page
39)
password to perform the following procedure. Root certificate files require
Read and Write permissions for the user nortel.
ATTENTION
The root certificates for some well-known CAs (such as Verisign and Entrust)
are preinstalled on the server and many client devices. If you receive a message
stating that a certificate is already installed, select Yes to replace it, or No to use
the existing certificate.
Procedure 8
Installing the root and signed certificates
Step
1
2
3
4
5
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
Copyright © 2007, 2008 Nortel Networks
.
Save both formats of the certificate to a directory location that is
accessible from the MCG 3100 Server.
the CA root or intermediate certificate (or both as required by the CA)
in TXT format
your signed TLS certificate
describes the steps to import the certificates. You must know the root
Action
At the MCG 3100 Server, log on to the server as nortel.
Change to the certificate keystore directory:
cd /opt/SQMobilityGW
If the CA requires a root certificate, import it (in TXT format):
/usr/java/jdk1.5.0_03/bin/keytool -import
-trustcacerts -keystore .keystore -alias root
-file <absolute_path_root_certificate_file>
If the CA requires an intermediate certificate, import it (in TXT
format):
/usr/java/jdk1.5.0_03/bin/keytool -import
-trustcacerts -keystore .keystore
-alias intermediate
-file <absolute_path_intermediate_cert_file>
Import the signed TLS certificate:
/usr/java/jdk1.5.0_03/bin/keytool -import
-trustcacerts -keystore .keystore -alias tomcat
-file <absolute_path_signed_certificate_file>
Nortel Mobile Communication 3100 Series Portfolio
NN42030-300 02.03 Standard
--End--
9 May 2008
Manage TLS certificates 39