N1 Service Provisioning System 4.1 Installation Guide

Procedure: How to Configure SSL Server and Client Authentication

Steps
  1. Install the Master Server, Local Distributor and Remote Agent and select SSL when the installation program prompts you to select a connection type. When prompted to select a cipher suite, select encryption with authentication.

  2. Generate a key pair for the Local Distributor and store it in the private store for the Local Distributor.


    % ld/bin/crkeys -private -generate -alias ldhostname.cr.com -validity 365
    
  3. Generate a key pair for the Master Server and store it in the private store for the Master Server.


    % server/bin/crkeys -private -generate -alias mshostname.cr.com -validity 365
    
  4. Export the self-signed certificate from the private store for the Local Distributor into a file.


    % ld/bin/crkeys -private -export -file ld.cert -alias ldhostname.cr.com
    
  5. Copy the self-signed certificate for the Local Distributor to the Master Server.

  6. Import the self-signed certificate into the Master Server trust store.


    % server/bin/crkeys -trust -import -file ld.cert -alias ldhostname.cr.com
    
  7. Export the self-signed certificate from the private store for the Master Server into a file.


    % server/bin/crkeys -private -export -file ms.cert -alias mshostname.cr.com
    
  8. Copy the self-signed certificate for the Master Server to the Local Distributor.

  9. Import the self-signed certificate into the Local Distributor trust store.


    % ld/bin/crkeys -trust -import -file ms.cert -alias mshostname.cr.com
    
  10. Create a new host.

  11. On the new host, add a Local Distributor with the connection type SSL.

  12. If already running, stop the Master Server and the Local Distributor.

  13. Start the Master Server and the Local Distributor.

  14. Provide the key store password for the Master Server and Local Distributor.

  15. Test the connection to the Local Distributor.

  16. Generate a key pair for the Remote Agent and store it in the private store for the Remote Agent.


    % agent/bin/crkeys -private -generate -alias rahostname.cr.com -validity 365
    
  17. Export the self-signed certificate from the private store for the Remote Agent into a file.


    % agent/bin/crkeys -private -export -file ra.cert -alias rahostname.cr.com
    
  18. Copy the self-signed certificate for the Remote Agent to the Local Distributor.

  19. Import the self-signed certificate into the Local Distributor trust store.


    % ld/bin/crkeys -trust -import -file ra.cert -alias rahostname.cr.com
    
  20. Copy the self-signed certificate for the Local Distributor, exported in Step 4, to the Remote Agent machine.

  21. Import the self-signed certificate into the Remote Agent trust store.


    % agent/bin/crkeys -trust -import -file ld.cert -alias ldhostname.cr.com
    
  22. Create a new host.

  23. On the new host, add a Remote Agent with the connection type SSL.

  24. Copy the transport.config file to the Remote Agent.

  25. If already running, stop the Local Distributor and Remote Agent.

  26. Start the Local Distributor and the Remote Agent.

  27. Provide the key store password for the Local Distributor and Remote Agent.

  28. Test the connection to the Remote Agent.
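
Steps 5, 8, 18 and 20 copy self-signed certificates between machines, and the file that arrives is the one imported as trusted in the next step. The following is an added example, not part of the original guide or of the product: a shell sketch that records SHA-256 digests of the exported files and checks them on the receiving machine before the import. The function names, the manifest format and the use of sha256sum are assumptions; it does not call crkeys.

```shell
#!/bin/sh
# Added example: integrity check for certificate files copied in
# steps 5, 8, 18 and 20. Function names and the manifest format are
# assumptions made for this sketch; sha256sum must be on the PATH.

# Print the SHA-256 digest (hex only) of one file.
cert_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# On the exporting machine: write one "digest  filename" line per certificate.
# usage: write_manifest MANIFEST cert...
write_manifest() {
    manifest=$1; shift
    : > "$manifest"
    for cert in "$@"; do
        [ -s "$cert" ] || { echo "missing or empty: $cert" >&2; return 2; }
        printf '%s  %s\n' "$(cert_digest "$cert")" "$(basename "$cert")" >> "$manifest"
    done
}

# On the importing machine: compare every certificate in DIR with the manifest.
# usage: verify_manifest MANIFEST DIR   (returns 0 only if every file matches)
verify_manifest() {
    manifest=$1; dir=$2; rc=0
    while read -r expected name; do
        [ -n "$expected" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1
        elif [ "$(cert_digest "$dir/$name")" != "$expected" ]; then
            echo "MISMATCH $name (do not import)" >&2; rc=1
        else
            echo "OK       $name"
        fi
    done < "$manifest"
    return $rc
}
```

The manifest only proves something if it reaches the importing machine over a different channel than the certificate files themselves.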