IP Office ContactStore 7.8 Page 79
15-601038 Issue 4b (06 July 2009)IP Office
Appendix: Advanced Security
11.Double click the padlock icon. Internet Explorer should warn you that the certificate is unsigned. However, it
should no longer display a message that indicates the certificate does not match the web server name.
Tip: If you do get a warning that the certificate does not match, check that the Common Name matches the URL. Double
click the padlock, select the details tab, and click the Subject line. This displays the Common Name.
Generating a Certificate Signing Request
You need a Certificate Signing Request (CSR) as the first step of the signing process. When you have it, paste it into the
Certificate Authority's web page. To generate a CSR:
1.Re-run the keytool command
/javadirectory/bin/keytool -certreq -keystore keystore.jks -alias tomcat
2.Enter the password - which is Contact5tor3.
3.Copy and paste the output into the CA's web page. (Include the BEGIN and END lines.)
4.Complete the verification process
5.Reply to the verification emails and other verification steps until you obtain a signed certificate back from the CA.
Importing the CA's certificates
Before you can import your certificate reply, you need to import the certificate authority's
root certificate and any intermediate certificates between their root and your certificate.
To acquire these certificates:
1.Download these certificates from the certificate authority's website.
2.Save the root as rcert.crt and any intermediate as icert.crt. If you have more than one intermediate certificate,
give them separate filenames.
To import all your certificates:
1.Import the root certificate by running keytool:
/javadirectory/bin/keytool -import -keystore keystore.jks -alias root -file rcert.crt
2.Enter the password - which is Contact5tor3.
3.Import the intermediate (if required).
/javadirectory/bin/keytool -import -keystore keystore.jks -alias inter -file icert.crt
· If you have more than one intermediate certificate, import them as inter1, etc.
4.Import your signed certificate.
5.Save the file the CA sent as cert.crt.
6.Import with the keytool.
/javadirectory/bin/keytool -import -keystore keystore.jks -alias tomcat -file cert.crt
7.Restart the Verint ContactStore for Communication Manager service.
8.Access the administration pages using https.
9.Double click the padlock icon and ensure that Internet Explorer no longer displays a message that the certificate is
unsigned.
Backing up the keystore file
The keystore file now contains:
· the random private key that is unique to this web server
· the signed certificate you just paid for