Cisco OL-5742-01 User Manual

Chapter 18 Configuring SGM Security

Implementing SSL Support in SGM

Cisco Signaling Gateway Manager User Guide

OL-5742-01

SGM generates the following files:

/opt/CSCOsgm/etc/ssl/server.key is the SGM server’s private key. Ensure
that unauthorized personnel cannot access this key.

/opt/CSCOsgm/etc/ssl/server.cer is the self-signed SSL certificate.

/opt/CSCOsgm/etc/ssl/server.csr is a certificate signing request (CSR). It
is not used if you are using a self-signed SSL certificate.

To install a new SSL key and a CA-signed certificate, generate the key and a
CSR by logging in as the root user on the SGM server and entering the
sgm keytool genkey command.

SGM stops the SGM server and issues the following prompts:

Country Name (2 letter code) []:

State or Province Name (full name) []:

Locality Name (eg, city) []:

Organization Name (eg, company) []:

Organizational Unit Name (eg, section) []:

Common Name (your hostname) []:

Email Address []:

Enter the requested information.

SGM generates the following files:

/opt/CSCOsgm/etc/ssl/server.key is the SGM server’s private key. Ensure
that unauthorized personnel cannot access this key.

/opt/CSCOsgm/etc/ssl/server.csr is a CSR.

/opt/CSCOsgm/etc/ssl/server.cer is the self-signed SSL certificate. It is
not used if you are using a CA-signed SSL certificate; the CA-signed
certificate overrides the self-signed certificate.

Print the CSR in X.509 format by logging in as the root user on the SGM
server and entering the sgm keytool print_csr command.

Send the CSR to a certificate authority (CA) to be signed.

After the CA signs the certificate, log in as the root user on the SGM server
and enter the following command:

# ./sgm keytool import_cert cert_filename

where cert_filename is the name of the signed certificate.

SGM stops the SGM server and imports the certificate in X.509 format.
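
A pre-import check for the procedure above, as an added example that is not part of the Cisco guide: it verifies that server.key is a regular file owned by root with no group or other access, and that the CA-signed certificate carries the same public key as that private key before import_cert stops the server. It assumes PEM-encoded files and an openssl binary on the PATH; the function names and the script's two arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not Cisco code. Assumptions: the key, CSR and certificate
# are PEM-encoded and OpenSSL 1.0.0 or later is installed.

# key_file_ok PATH [UID]: succeed only if PATH is a regular file (not a
# symlink), owned by UID (default 0, root), with no group/other permissions.
key_file_ok() {
    f=$1
    want_uid=${2:-0}
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is missing, a symlink, or not a regular file" >&2
        return 1
    fi
    # ls -ldn prints the mode string first and the numeric owner third.
    set -- $(ls -ldn -- "$f")
    mode=$1
    uid=$3
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $f is owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    case $mode in
        -???------*) return 0 ;;   # e.g. -rw------- or -r--------
    esac
    echo "FAIL: $f mode $mode grants group or other access" >&2
    return 1
}

# same_public_key KEY FILE KIND: KIND is "x509" for a certificate or "req"
# for a CSR. Succeeds only if FILE carries the public half of KEY.
same_public_key() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_obj=$(openssl "$3" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_obj" ]
}

# Run both checks only when called as: script KEY SIGNED_CERT
if [ "$#" -eq 2 ]; then
    key_file_ok "$1" && same_public_key "$1" "$2" x509 \
        && echo "OK: $1 is protected and matches $2"
fi
```

Run it as root with /opt/CSCOsgm/etc/ssl/server.key and the file returned by the CA as the two arguments; a mismatch usually means the key was regenerated after the CSR was sent.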