Adding a trusted CA certificate to the keystoreAdded by IBM on November 23, 2011 | Version 1 (Original)
|Add your new Certificate Authority certificate to the keystore to establish the trust relationship in SSL communication.
Add your new Certificate Authority certificate to the keystore to establish the trust relationship in SSL communication.
Before you begin
The keystore that you want to add the CA certificate to must already exist.
Expected state: the Deployment Manager and node agents are started. The servers are stopped.
Parent topic: Setting up SSL on a cluster
Previous topic: Obtaining the root certificate
Next topic: Configuring the SIP proxy server to use SSL
- In the Integrated Solutions Console, click Security -> SSL certificates and key management.
- Click Key stores and certificates -> CellDefaultTrustStore -> Signer certificates .
- Click Add.
- Type a certificate alias in the Alias field. The alias is how the certificate is referenced in the keystore.
- In the File name field, type the file name and path to where the certificate is located.
- Select the appropriate file data type.
- Click Apply and then Save.
- Synchronize your changes to all nodes in the cluster. Click System Administration -> Nodes
- Select all nodes in the cluster, then click Full Resynchronize.
- Open a command window.
- In the command window, stop the Deployment Manager and wait for the command to finish, and then restart the Deployment Manager. Use the user name and password that you provided when you enabled administrative security to stop the Deployment Manager. Open a command window and navigate to the stgw_profile_root\bin directory and use the following commands:
AIX, Linux, and Solaris
./stopManager.sh -username username -password password
stopManager.bat -username username -password password
stopManager -username username -password password
- Restart the node agents.
- Log into the Integrated Solutions Console ( http://localhost:9060/ibm/console) on the Deployment Manager.
- Click System Administration -> Node agents .
- Select all node agents, and then click Restart.
- Choose Servers -> Clusters.
- Select the Sametime® Gateway cluster and click Start.
- Click Servers -> Proxy servers. Note that if you are not connecting to any instant messaging service over SIP, it's not necessary to start the SIP proxy server.
- Select the SIP proxy server or servers and click Start.
- Choose Server -> Application servers.
- Select the XMPP proxy server and click Start. Note that if you are not connecting to any instant messaging service over XMPP, it's not necessary to start the XMPP proxy server.