Adequate administrative permissions.
- Store the new key in rootkey.pem and store the certificate request in rootreq.pem using the following command:
openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -config root.cnf -nodes
- Sign the certificate using the certificate request and private key. Store it in rootcert.pem using the following command:
openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions v3_ca -signkey rootkey.pem -out rootcert.pem -days 3650
- Copy the file rootcert.pem to root.pem.
- View the certificate using the following command:
openssl x509 -text -noout -in rootcert.pem
The certificate is used on peer systems to verify the client and server certificates that will be used by the Lotus Sametime Unified Telephony Server. It is also located in the directory indicated by the following RTP parameters:
- This procedure should be repeated if separate certificates are needed for each interface (EndPoint or MutualAuthentication) and for each connection type (Client or Server).
- Once the certificate has been stored in the directories listed, run the following command above as the root user in each directory.
The RTP parameters can contain the same directory name, in which case the certificate only needs to be copied once and the c_rehash command executed once.
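When viewing rootcert.pem with the openssl x509 -text -noout step above, the fields worth checking are the signature algorithm, the key size, the CA flag, and that issuer and subject match. The following is an added example, not part of the original procedure: a shell function that reads that text output and reports those points. The function names, the thresholds (RSA below 2048 bits, MD5 or SHA-1 signatures) and the sample text are assumptions of this example.

```shell
#!/bin/sh
# Audit the text form of a root certificate (openssl x509 -text -noout).
# Assumptions of this example: an RSA key, as in the command above; keys under
# 2048 bits and MD5/SHA-1 signatures are reported as weak.
audit_root_cert_text() {
    awk '
        /Signature Algorithm:/ && sig == "" { sig = $NF }
        /^ *Issuer:/  { sub(/^ *Issuer: */, "");  issuer = $0 }
        /^ *Subject:/ { sub(/^ *Subject: */, ""); subject = $0 }
        /Public[- ]Key: \([0-9]+ bit\)/ {       # wording differs by OpenSSL version
            bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits)
        }
        /CA:TRUE/ { ca = 1 }
        END {
            bits += 0                           # 0 when no key size line was seen
            if (tolower(sig) ~ /md5|sha1/) { print "WEAK_SIGNATURE " sig; n++ }
            if (bits < 2048)               { print "WEAK_KEY " bits " bits"; n++ }
            if (!ca)                       { print "NOT_A_CA"; n++ }
            if (issuer != subject)         { print "NOT_SELF_SIGNED"; n++ }
            exit (n > 0)                   # non-zero status when anything was found
        }'
}

# Constructed sample: abridged text output for a certificate created with the
# rsa:1024 and -sha1 options shown above (names are placeholders).
sample_cert_text() {
    cat <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, O = Example, CN = Example Root CA
        Subject: C = US, O = Example, CN = Example Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
EOF
}

# Real use: openssl x509 -text -noout -in rootcert.pem | audit_root_cert_text
sample_cert_text | audit_root_cert_text || echo "findings reported"
```

On a certificate produced exactly as in the steps above, the function reports the SHA-1 signature and the 1024-bit key and returns a non-zero status.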