Adding additional certificate for a service

Last Updated : Nov 27, 2021 |

About this task

Use this procedure to add an additional certificate for following services of Session Manager:

  • securitymodule_http (HTTP)

  • securitymodule_sip (SIP)

Note:

If you run the initTM -f command, the system removes all certificates and replaces with default certificates.

Procedure

  1. On the System Manager web console, click Services > Inventory > Manage Elements.
  2. On the Manage Elements page, select an element, and click More Actions > Manage Identity Certificates.
  3. On the Manage Identity Certificates page, select the service name to which you want to add another certificate.
  4. Click Add.

    On the Add Identity Certificate page, select one of the following:

    • Add new Internal CA Signed certificate

    • Add new external CA signed certificate

    • Generate Certificate Signing Request (CSR) for adding external CA signed certificate

  5. Click Add new Internal CA Signed certificate, and do the following:
    1. Select the Common Name (CN) check box and type the common name that is defined in the existing certificate.
    2. In Key Algorithm, select the key algorithm.

      System Manager uses the SHA2 algorithm for generating certificates.

    3. In Key Size, select the required key size.
    4. In Subject Alternative Name, select the relevant options, and enter the details.
    5. Optional In OtherName, type the other name for the certificate signing request.
    6. To add the internal CA signed certificate, click Commit.
  6. Click Add new external CA signed certificate, and do the following:
    1. In Please select a file (PKCS#12 format), choose the file from your local computer.
    2. In Password, type the password.
    3. Click Retrieve Certificate.

      The Certificate Details section displays the details of the certificate.

    4. Review the details of the uploaded certificate.
    5. To add a new, external CA-signed certificate, click Commit.
  7. Click Generate Certificate Signing Request (CSR) for adding external CA signed certificate, and do the following:
    1. Select the Common Name (CN) check box and type the common name that is defined in the existing certificate.
    2. In Key Algorithm, select the key algorithm.

      System Manager uses the SHA2 algorithm for generating certificates.

    3. In Key Size, select the required key size.
    4. Optional In Subject Alternative Name, select the relevant options and enter the details.
    5. In OtherName, type the other name for the certificate signing request.
    6. Click Generate CSR.
    7. Ensure that the downloaded CSR is third-party signed.
    8. Import the signed certificate by using the Import third party certificate option.
  8. For the newly generated certificates to take effect, restart the System Manager Application server.