Exchanging certificates between the IBM SIP Edge Proxy Server and the Sametime SIP Proxy/Registrar

If you are configured to use TLS between the IBM® SIP Edge Proxy Server and the Sametime® SIP Proxy/Registrar, then you need to exchange certificates between two servers.

About this task

These instructions are for the default certificate. This certificate is meant for internal communications and is not meant to act as a certificate authority. Exchange the root certificates between the servers so that you can change the personal certificate without any impact to communication between the IBM SIP Edge Proxy Server and the Sametime SIP Proxy/Registrar. Follow these instructions to extract the root certificate from the IBM SIP Edge Proxy Server:

Procedure

  1. In the WebSphere Integrated Solutions Console, log in as the WebSphere administrator to the deployment manager that manages the IBM SIP Edge Proxy Server.
  2. Click Security > SSL certificates and key management.
  3. In the Related items section, click Key stores and certificates.
  4. Select CellDefaultTrustStore.
  5. In the Additional properties section, click Signer certificates.
  6. Select the root certificate.
  7. Click Extract.
  8. Specify the local file path and file name, leave the Data type as default selection, and click OK.
  9. Copy the extracted certificate to a location where the Sametime SIP Proxy/Registrar can retrieve the file.

Import the IBM SIP Edge Proxy 's root certificate into the Sametime SIP Proxy/Registrar

About this task

Follow these instructions to import the IBM SIP Edge Proxy Server's root certificate into the Sametime SIP Proxy/Registrar:

Procedure

  1. In the WebSphere Integrated Solutions Console, log in as the WebSphere administrator to the deployment manager that manages the Sametime SIP Proxy/Registrar.
  2. Click Security > SSL certificates and key management.
  3. In the Related items section, click Key stores and certificates.
  4. Select CellDefaultTrustStore.
  5. In the Additional properties section, click Signer certificates.
  6. Click Add.
  7. In the Alias field, type a description for the certificate. For example, type sip-edge-proxy-root-cert.
  8. In the File name field, enter the path and file name for the certificate file. Leave the Data type as the default selection.
  9. Click OK and Save.
  10. Stop and restart all WebSphere® Application Server processes hosting the SIP Proxy/Registrar.

What to do next

Repeat these procedures to extract the SIP Proxy/Registrar's root certificate and import it into the IBM SIP Edge Proxy Server.