N1 Service Provisioning System 4.1 Installation Guide

Procedure: How to Configure SSL Server Authentication

By default, cipher suites requiring server authentication are enabled, so no change is required in the config.properties file to enable cipher suites.

Steps
  1. Generate a key pair for the Local Distributor and store it in the private store for the Local Distributor.


    % ld/bin/crkeys -private -generate -alias ldhostname.cr.com -validity 365
    
  2. Export the self-signed certificate from the private store on the Local Distributor into a file.


    % ld/bin/crkeys -private -export -file ld.cert -alias ldhostname.cr.com
    
  3. Copy the self-signed certificate for Local Distributor to the Master Server.

  4. Import the self-signed certificate into the Master Server trust store.


    % server/bin/crkeys -trust -import -file ld.cert -alias ldhostname.cr.com
    
  5. Create a new host.

  6. On the new host, add a Local Distributor with the connection type SSL.

  7. For the Local Distributor, use the CLI net.gencfg command to manually generate the transport.config file.

  8. Copy the transport.config file to the Local Distributor.

  9. If they are already running, stop the Master Server and the Local Distributor.

  10. Start the Master Server and the Local Distributor.

  11. Provide the key store password for the Master Server and Local Distributor.

  12. Test the connection to the Local Distributor.

  13. Generate a key pair for the Remote Agent and store it in the private store for the Remote Agent.


    % agent/bin/crkeys -private -generate -alias rahostname.cr.com -validity 365
    
  14. Export the self-signed certificate from the private store on the Remote Agent into a file.


    % agent/bin/crkeys -private -export -file ra.cert -alias rahostname.cr.com
    
  15. Copy the self-signed certificate for the Remote Agent to the Local Distributor.

  16. Import the self-signed certificate into the Local Distributor trust store.


    % ld/bin/crkeys -trust -import -file ra.cert -alias rahostname.cr.com
    
  17. Create a new host.

  18. On the new host, add a Remote Agent with the connection type SSL.

  19. For the Remote Agent, use the CLI net.gencfg command to manually generate the transport.config file.

  20. Copy the transport.config file to the Remote Agent.

  21. If already running, stop the Local Distributor and Remote Agent.

  22. Start the Local Distributor and the Remote Agent.

  23. Provide the key store password for the Local Distributor and Remote Agent.

  24. Test the connection to the Remote Agent.
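
Steps 3-4 and 15-16 copy a self-signed certificate between hosts and then trust it, so the file being imported should be confirmed byte-identical to the one that was exported. The script below is an added example, not part of the original guide or the product: the function names `cert_digest` and `verify_cert_copy` are hypothetical, and it assumes `sha256sum`, `shasum` or `openssl` is installed on the host.

```shell
#!/bin/sh
# Added example: check a copied certificate file against the digest taken on
# the exporting host before importing it into a trust store.
#
# On the exporting host:   cert_digest ld.cert
# Pass that digest to the importing host over a separate channel, then:
#   verify_cert_copy ld.cert <digest> && \
#       server/bin/crkeys -trust -import -file ld.cert -alias ldhostname.cr.com

# Print the SHA-256 digest (lowercase hex) of a file with whichever tool exists.
cert_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_cert_copy FILE EXPECTED_DIGEST
# Returns 0 only if FILE is non-empty and its digest equals EXPECTED_DIGEST.
# Returns 1 on mismatch, 2 on missing input. Upper case, spaces and colons in
# the expected digest are normalised before comparison.
verify_cert_copy() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' :')
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    [ -n "$expected" ] || { echo "no expected digest given" >&2; return 2; }
    actual=$(cert_digest "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK $file $actual"
        return 0
    fi
    echo "MISMATCH $file: got $actual, expected $expected" >&2
    return 1
}

# Run as a script: verify FILE against DIGEST and exit with the result.
if [ "$#" -eq 2 ]; then
    verify_cert_copy "$1" "$2"
    exit $?
fi
```

The same check applies to `ra.cert` before it is imported into the Local Distributor trust store.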