Cisco OL-5742-01 User Manual
Chapter 18 Configuring SGM Security
Implementing SSL Support in SGM
Cisco Signaling Gateway Manager User Guide
SGM generates the following files:
– /opt/CSCOsgm/etc/ssl/server.key is the SGM server’s private key. Ensure that unauthorized personnel cannot access this key.
– /opt/CSCOsgm/etc/ssl/server.cer is the self-signed SSL certificate.
– /opt/CSCOsgm/etc/ssl/server.csr is a certificate signing request (CSR). It is not used if you are using a self-signed SSL certificate.
• To install a new SSL key and a CA-signed certificate, generate the key and a CSR by logging in as the root user on the SGM server and entering the sgm keytool genkey command.
SGM stops the SGM server and issues the following prompts:
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (your hostname) []:
Email Address []:
Enter the requested information.
SGM generates the following files:
– /opt/CSCOsgm/etc/ssl/server.key is the SGM server’s private key. Ensure that unauthorized personnel cannot access this key.
– /opt/CSCOsgm/etc/ssl/server.csr is a CSR.
– /opt/CSCOsgm/etc/ssl/server.cer is the self-signed SSL certificate. It is not used if you are using a CA-signed SSL certificate; the CA-signed certificate overrides the self-signed certificate.
Print the CSR in X.509 format by logging in as the root user on the SGM
server and entering the sgm keytool print_csr command.
Send the CSR to a certificate authority (CA) to be signed.
After the CA signs the certificate, log in as the root user on the SGM server
and enter the following command:
# ./sgm keytool import_cert cert_filename
where cert_filename is the name of the signed certificate.
SGM stops the SGM server and imports the certificate in X.509 format.
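The CA-signed procedure above ends with import_cert, which stops the SGM server. The following added example (not part of the Cisco guide) checks, before that step, that the private key is not accessible to group or other users, that the returned certificate carries the public key of that private key, and that the certificate has not expired. It assumes openssl is installed and that the key and certificate are PEM-encoded; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import checks for a CA-signed certificate.
# Assumptions: openssl is installed; key and certificate are PEM-encoded.
# Function names are hypothetical; only the default key path is from the guide.

SGM_KEY=/opt/CSCOsgm/etc/ssl/server.key

# Succeeds only if FILE is a regular file with no group/other permission bits.
key_perms_ok() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Succeeds only if the public key in CERT equals the one derived from KEY.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs all checks, prints one line per failure, returns the failure count.
preimport_check() {
    cert=$1 key=${2:-$SGM_KEY} fails=0
    key_perms_ok "$key" ||
        { echo "FAIL: $key is group/other accessible or not a regular file"; fails=$((fails + 1)); }
    cert_matches_key "$cert" "$key" ||
        { echo "FAIL: $cert does not match $key"; fails=$((fails + 1)); }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $cert is expired or unreadable"; fails=$((fails + 1)); }
    # On success, show the fields an operator should review before importing.
    [ "$fails" -eq 0 ] && openssl x509 -in "$cert" -noout -subject -issuer -enddate
    return "$fails"
}

# Usage: sh precheck.sh cert_filename [key_file]
[ "$#" -eq 0 ] || preimport_check "$@"
```

A non-zero exit status is the number of failed checks; run it as root so the key file can be read.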