Adding the CA certificate to the CellDefaultTrustStore

For the node agents and application servers to communicate, the CA certificate from the newly created keystore must be added to the CellDefaultTrustStore.

Before you begin

Expected state: the deployment manager and all node agents in the cluster are started.

About this task

For additional information about default paths, see Directory conventions.

Procedure

  1. In the Integrated Solutions Console, click Security > SSL certificates and key management.
  2. In the "Configuration settings" section, click manage endpoint security configurations.
  3. Select the appropriate outbound configuration to get to the (cell):DMGRCell management scope.
  4. In the "Related items" section, click Key stores and certificates, and then click the CellDefaultTrustStore key store.
  5. In the "Additional properties" section, click Signer certificates > Retrieve from Port.
  6. In the Host field, type the host name or IP address of a Gateway server; in the Port field, type 9403, and in the Alias field, type a name to use as the alias.
  7. Click Retrieve signer information.
  8. Verify that the certificate information represents a trusted certificate.
  9. Click Apply and then Save.
  10. Synchronize your changes to all nodes in the cluster. Click System Administration > Nodes.
  11. Select all nodes in the cluster, then click Full Resynchronize.
  12. Open a command window.
  13. In the command window, stop the deployment manager and wait for the command to finish; then restart the deployment manager.

    To stop and then restart the deployment manager, navigate to the profile_root\bin directory and use the following commands:

    AIX® and Linux™

    ./stopManager.sh -username username -password password
    ./startManager.sh

    Windows™

    stopManager.bat -username username -password password
    startManager.bat
  14. Restart the node agents.
    1. Log into the Integrated Solutions Console (http://localhost:9060/ibm/console) on the deployment manager.
    2. Click System Administration > Node agents.
    3. Select all node agents, and then click Restart.
  15. Click Servers > Clusters.
  16. Select the Sametime® Gateway Server cluster, click Stop, and wait for the cluster to stop.
  17. Click Servers > Clusters.
  18. Select the Sametime Gateway Server cluster, click Start, and wait for the cluster to start.
  19. Click Servers > Proxy servers. Note that if you are not connecting to any instant messaging service over SIP, it's not necessary to start the SIP proxy server.
  20. Select the SIP proxy server or servers and click Start.
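
For the verification in step 8, one way to compare the fingerprint shown for the retrieved signer with the CA certificate exported from the newly created keystore. This is an added example, not IBM tooling; it assumes the console displays a SHA-1 or SHA-256 fingerprint and that you hold a PEM or DER export of the CA certificate, and the function names are hypothetical.

```python
import hashlib
import hmac
import ssl
import sys

# Digest algorithm implied by the length of a hex fingerprint.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def normalize_fp(text):
    """Turn 'AB:CD:EF' or 'ab cd ef' into bare lowercase hex."""
    hexed = text.replace(":", "").replace(" ", "").strip().lower()
    if not hexed or any(c not in "0123456789abcdef" for c in hexed):
        raise ValueError("fingerprint is not hexadecimal")
    return hexed


def to_der(cert_bytes):
    """Accept a PEM or DER export of the CA certificate; return DER bytes."""
    stripped = cert_bytes.strip()
    if stripped.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))
    return cert_bytes


def console_matches_export(console_fp, cert_bytes):
    """True only if the fingerprint shown in the console equals the digest
    of the CA certificate exported from the keystore."""
    shown = normalize_fp(console_fp)
    algo = ALGO_BY_HEX_LEN.get(len(shown))
    if algo is None:
        return False  # truncated value or unsupported digest length
    actual = hashlib.new(algo, to_der(cert_bytes)).hexdigest()
    return hmac.compare_digest(actual, shown)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_signer.py <exported-ca-cert> <console-fingerprint>")
    with open(sys.argv[1], "rb") as fh:
        ok = console_matches_export(sys.argv[2], fh.read())
    print("MATCH" if ok else "MISMATCH: do not apply the signer")
    sys.exit(0 if ok else 1)
```

Run it before clicking Apply in step 9; a mismatch means the certificate presented on the port is not the CA certificate from your keystore.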