Issue a unique certificate request that contains one or more
Subject Alternative Name (SAN) entries when an encrypted
(TLS) federation with an external community requires it, for example,
when the external community is Microsoft™ Lync
and the IBM® Sametime® Gateway Server
consists of more than one local domain.
Before you begin
Stop the Sametime Gateway
Server.
About this task
Use the IBM iKeyMan
utility to create a keystore in which to generate a certificate
request with SAN entries. The iKeyman utility is a graphical user interface (GUI) based
tool that you can use to manage your digital certificates. With iKeyman,
you can create a new key database or test a digital certificate, add
certificate authority (CA) roots to your database, copy certificates
from one database to another, request and receive a digital certificate
from a CA, set default keys, and change passwords. The iKeyMan utility
is located in the WAS_ROOT\bin\ikeyman directory.
Procedure
- From the iKeyMan utility, click Key Database
File and then click Open.
- In the Key database type field,
select PKCS12, and then browse to ${CONFIG_ROOT}\cells\cell
name\nodes\node name\key.p12 and
click OK.
- Enter the keystore password.
- Click .
- In the Key Label field, specify
the certificate name.
- In the Key Size field, select 2048 as
the key size for the certificate.
- In the Signature Algorithm field,
select SHA1WithRSA.
- In the Common Name field, specify
the common name of the certificate in lower case characters.
Note: If
the Common Name contains upper case characters, some services will
not accept it.
- In the Organization field, type
an organization name. This value is the organization
value in the certificate distinguished name.
- In the Organization unit field, type the organization unit
portion of the distinguished name.
- In the Locality field, type the
locality portion of the distinguished name.
- In the State or Province field,
type the state portion of the distinguished name.
- In the Zip Code field, type the
zip code portion of the distinguished name.
- In the Country or region field,
select the two-letter country code portion of the distinguished name.
- In the Subject Alternative Names section, DNS
Name field, enter all of the domains of the local community.
- Make a backup copy of your keystore file. Make this backup
before receiving the CA-signed certificate into the keystore.
- Send the certificate request to a Certificate Authority
for signing.
- Start the Sametime Gateway
Server.
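
A check to run on the request file before it goes to the Certificate Authority, as an added example that is not part of the original procedure or of IBM's tooling: it confirms the lower-case Common Name, the 2048-bit key size, and that every local domain appears as a DNS entry in the Subject Alternative Names. It assumes the OpenSSL command line is available and that the request was saved in Base64 (PEM) form; the function names and the `example.com` values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check a PKCS#10 request with the OpenSSL CLI before sending it to the CA.

csr_cn() {        # print the Common Name from the request subject
  openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
    sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^ *CN *= *//p' | head -n 1
}

csr_key_bits() {  # print the public key size in bits
  openssl req -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

csr_dns_sans() {  # print each DNS Subject Alternative Name on its own line
  openssl req -in "$1" -noout -text 2>/dev/null |
    grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:[[:space:]]*//p'
}

# check_csr FILE DOMAIN... : returns 0 when the CN is lower case, the key has at
# least 2048 bits, and every DOMAIN is present as a DNS SAN; prints each failure.
check_csr() {
  local csr=$1 rc=0 cn bits sans d; shift
  cn=$(csr_cn "$csr"); bits=$(csr_key_bits "$csr"); sans=$(csr_dns_sans "$csr")
  [ -n "$cn" ] || { echo "FAIL: unreadable request or no CN"; return 2; }
  [ "$cn" = "$(printf '%s' "$cn" | tr '[:upper:]' '[:lower:]')" ] ||
    { echo "FAIL: CN '$cn' contains upper case characters"; rc=1; }
  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key size ${bits:-unknown} is below 2048"; rc=1; }
  for d in "$@"; do
    printf '%s\n' "$sans" | grep -qixF -- "$d" ||
      { echo "FAIL: $d is missing from the SAN list"; rc=1; }
  done
  return "$rc"
}

# make_sample_csr OUT CN DOMAIN... : writes a constructed test request (a stand-in
# for the file exported from the key database); its private key is discarded.
make_sample_csr() {
  local out=$1 cn=$2 cfg; shift 2
  cfg=$(mktemp)
  { printf '[req]\nprompt=no\ndistinguished_name=dn\nreq_extensions=ext\n'
    printf '[dn]\nCN=%s\nO=Example Org\nC=US\n' "$cn"
    printf '[ext]\nsubjectAltName=%s\n' "$(printf 'DNS:%s,' "$@" | sed 's/,$//')"
  } > "$cfg"
  openssl req -new -newkey rsa:2048 -nodes -keyout /dev/null \
    -config "$cfg" -out "$out" 2>/dev/null
  rm -f "$cfg"
}
```

Call `check_csr` with the path of the saved request followed by each local domain; a non-zero return means the request should be regenerated before it is submitted for signing.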