Deployment Guide
Configuration Guide 37
Figure 9-1. Example .CSR File
2
Follow your organizational process for acquiring an SSL server certificate from a Certificate Authority. Send the contents
of the <csr-filename> for signing.
NOTE: There are several methods to request a valid certificate. An example method is shown in
Example Method to Request a Certificate
.
3
When the signed certificate is received, store it in a file.
4
As a best practice, back up this certificate in case an error occurs during the import process. This backup will prevent
having to start the process over.
Import a Root Certificate
NOTE: If the root certificate Certificate Authority is Verisign (but not Verisign Test), skip to the next procedure and import the signed
certificate.
The Certificate Authority root certificate validates signed certificates.
1
Do
one
of the following:
• Download the Certificate Authority root certificate, and store it in a file.
• Obtain the enterprise directory server root certificate.
2
Do
one
of the following:
• If you are enabling SSL for Compliance Reporter, Console
Web Services, Device Server, or Legacy Gatekeeper
Connector, change to the component
conf
directory.
• If you are enabling SSL between the Server and the enterpri
se directory server, change to
<Dell install dir>\Java
Runtimes\jre1.x.x_xx\lib\security
(The default password for JRE cacerts is
changeit
).
3
Run Keytool as follows to install the root certificate:
keytool -import -trustcacerts -alias <ca-cert-alias> -keystore .\cacerts -file
<ca-cert-filename>
Example:
keytool -import -alias Entrust -keystore .\cacerts -file .\Entrust.cer
Example Method to Request a Certificate
An example method to request a certificate is to use a web browser to access the Microsoft CA Server, which will be set up
internally by your organization.
1
Navigate to the Microsoft CA Server. The IP address will be supplied by your organization.