Issue a unique certificate request that contains one or more
Subject Alternative Name (SAN) entries when an encrypted (TLS)
federation with an external community requires it. This is the case,
for example, when the external community is Microsoft™ Lync
and the IBM® Sametime® Gateway Server
consists of more than one local domain.
Before you begin
Stop the Sametime Gateway
cluster environment (servers, node agents, deployment manager, proxies).
About this task
Use the IBM iKeyMan
utility to create a keystore in which a certificate request with SAN
entries is stored. The iKeyman utility is a graphical user interface (GUI)
based tool that you can use to manage your digital certificates. With
iKeyman, you can create a new key database or test a digital certificate,
add certificate authority (CA) roots to your database, copy certificates
from one database to another, request and receive a digital certificate
from a CA, set default keys, and change passwords. The iKeyMan utility
is located in the WAS_ROOT\bin\ikeyman directory.
Procedure
- From the iKeyMan utility, click Key Database
File and then click Open.
- In the Key database type field,
select PKCS12, and then browse to ${CONFIG_ROOT}\STGWKS.p12
and click OK.
- Enter the keystore password.
- Click .
- In the Key Label field, specify
the certificate name.
- In the Key Size field, select 2048 as
the key size for the certificate.
- In the Signature Algorithm field, select
SHA256WithRSA.
- In the Common Name field, specify
the common name of the certificate in lower case characters.
Note: If the common name contains upper case characters, some
services will not accept it.
- In the Organization field, type
an organization name. This value is the organization value in the
certificate distinguished name.
- In the Organization unit field,
type the organization unit portion of the distinguished name.
- In the Locality field, type the
locality portion of the distinguished name.
- In the State or Province field,
type the state portion of the distinguished name.
- In the Zip Code field, type the
zip code portion of the distinguished name.
- In the Country or region field,
select the two-letter country code portion of the distinguished name.
- In the Subject Alternative Names section, DNS
Name field, enter all of the domains of the local community.
- Make a backup copy of your keystore file. Make this backup
before receiving the CA-signed certificate into the keystore.
- Send the certificate request to a Certificate Authority
for signing.
- Start the Sametime Gateway
cluster DMGR and node agents.
- Synchronize your changes to all nodes in the cluster by
clicking .
- Select all nodes in the cluster, then click Full
Resynchronize.
- Start the Sametime Gateway
cluster.
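
A check to run on the saved request before it is sent to the Certificate Authority, confirming the 2048-bit key, the SHA256WithRSA signature, the lower-case common name and the SAN domains set in the procedure above. This is an added example, not part of the original IBM documentation; it assumes OpenSSL 1.1.1 or later and a PEM-format request file, and the function names and example domains are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-submission check of a certificate request (PEM) with openssl.

# check_csr FILE DOMAIN...  returns 0 only if every check below passes.
check_csr() {
    csr=$1; shift
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || {
        echo "FAIL: cannot parse $csr as a certificate request"; return 2; }
    rc=0

    # Key Size field: 2048 (label is "RSA Public-Key" or "Public-Key" by version).
    echo "$text" | grep -q 'Public-Key: (2048 bit)' ||
        { echo "FAIL: key size is not 2048 bits"; rc=1; }

    # Signature Algorithm field: SHA256WithRSA.
    echo "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' ||
        { echo "FAIL: signature algorithm is not SHA256WithRSA"; rc=1; }

    # Common Name must be all lower case.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ -n "$cn" ] && [ "$cn" = "$(printf '%s' "$cn" | tr 'A-Z' 'a-z')" ] ||
        { echo "FAIL: common name '$cn' is empty or not lower case"; rc=1; }

    # Every local domain must appear as an exact DNS entry in the SAN extension.
    sans=$(echo "$text" | grep -A1 'X509v3 Subject Alternative Name' |
           tail -n 1 | tr -d ' ' | tr ',' '\n')
    for d in "$@"; do
        echo "$sans" | grep -qxF "DNS:$d" ||
            { echo "FAIL: SAN entry missing for $d"; rc=1; }
    done
    return $rc
}

# make_sample_csr FILE CN SAN-LIST: constructed input for trying the check;
# it stands in for a request exported from the keystore.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout "$1.key" -out "$1" \
        -subj "/C=US/O=Example/CN=$2" -addext "subjectAltName=$3" 2>/dev/null
}

# Usage: sh check_csr.sh request.pem domain1 domain2 ...
if [ "$#" -gt 0 ]; then check_csr "$@"; fi
```

A non-zero exit status means at least one setting differs from the procedure; correct the request in the keystore before submitting it for signing.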