Distributing certificates for Transport Layer encryption from the Conference Manager servers to the SIP Proxy/Registrar

If you installed the SIP Proxy/Registrar on separate computers or as a separate cell profile from the other Sametime® Media Manager servers, you must extract the signed security certificate from the Conference Manager component and add the certificate to the SIP Proxy/Registrar. This step does not apply if you installed all components of the Media Manager and SIP Proxy/Registrar on the same cell profile.

Before you begin

Extract the certificate used by each Conference Manager component and copy it to a location from which the SIP Proxy/Registrar can copy the file.

  1. Log in to the IBM® WebSphere® Application Server Integrated Solutions Console on the server that has the Conference Manager certificate.
  2. Click Security > SSL Certificates and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates.
    • In a non-clustered environment, the certificate is on the same computer as the Media Manager (Conference Manager) component.
    • In a clustered environment, the certificate is on the WebSphere Application Server proxy used by the Conference Manager.
  3. Select the Alias default if you used a self-signed certificate or select the appropriate signed certificate you want to share and click Extract.
  4. Type a unique file name for the signed certificate.
  5. Copy the extracted certificate to a location from which the SIP Proxy/Registrar component can retrieve the file.

About this task

Follow these steps to add the signed certificates of the Conference Manager component to the SIP Proxy/Registrar.

Procedure

  1. Log in to the SIP Proxy/Registrar component's Integrated Solutions Console.
  2. Click Security > SSL Certificates and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates.
    Note: If CellDefaultTrustStore is not in the table then choose NodeDefaultTrustStore.
  3. Click Add.
  4. In the Alias field, type a description for the certificate. Include information about what kind of certificate it is, such as an internal self-signed certificate, a public self-signed certificate or a public Certificate Authority.
  5. In the File name field, type the path to the certificate file; for example:

    c:\cm-pr.cer or c:\ps-pr.cer

  6. Click OK.
  7. Click Save.
  8. Restart the server.
  9. Repeat these steps for each Media Manager component.