IP Office ContactStore 7.8 Page 78
15-601038 Issue 4b (06 July 2009)IP Office
9.5.3 Installing a Signed SSL Certificate
If you want to install your own SSL certificate, you must replace the certificate distributed with the application. Your
replacement certificate must be specific to your installed server.
Selecting a Certificate Authority (CA)
If you do not already use a certificate authority, you can use:
· http://www.freessl.com/starterssl/starterssl.html - FreeSSL requires that the web server has a fully qualified
domain name (e.g. contactrecorder.bigcorp.com or contactrecorder.division.bigcorp.com) and needs to be able to
send an email to an address like ssladmin@bigcorp.com or administrator@division.bigcorp.com. The list of
addresses can be found on their website, and it includes admin, ssladmin, root, and administrator.
· http://www.instantssl.com - InstantSSL is more flexible and allows intranet addresses (such as WINS names and
IP addresses) as well as fully qualified domain names.
Backing up the Keystore file
In the instructions which follow, replace <installdir> with the location into which you installed Verint ContactStore for
Communication Manager.
The certificates and keys are stored beneath your installation folder in the file:
/opt/witness/keystore/keystore.jks
Because this file contains the original, distributed certificate, it is important to make a backup of it. You will delete this file
during the remaining steps. Should it be necessary to restore the original certificate, you can copy the backup to the
original filename.
Creating the new Certificate
If you would like to test this implementation, you can practice this procedure with a certificate authority's 30-day trial
certificate. Then, to implement real certificates, you can start over from this point.
To create a certificate:
1.Create a new certificate with the real URL of the Verint ContactStore for Communication Manager.
2.Log onto the server and change directory as follows:
cd /opt/witness/keystore
3.Remove the original keystore file
rm keystore.jks
4.Run the java keytool utility with
/javadirectory/bin/keytool -genkey -keystore keystore.jks -alias tomcat -keyalg RSA
5.Fill in the Keytool prompts with the following:
Password: Contact5tor3
· Note: You must type this password, exactly as shown. It is case sensitive.
a.First & Last Name: enter the FQDN, IP address or intranet name
b.Organizational Unit: enter your division
c. Organization: enter your company name
d.City/Location: enter your location
e.State/Province: enter your state
f. Country Code: enter the ISO 2 letter code for your country (for example, GB is the code for United Kingdom)
6.Enter yes if the information is correct.
7.Hit enter when prompted for the second password.
8.Restart the Verint ContactStore for Communication Manager service.
9.Access the Administration pages via https.
10.Check that the certificate matches the information entered.