{"id":2417,"date":"2016-04-22T16:16:32","date_gmt":"2016-04-22T14:16:32","guid":{"rendered":"http:\/\/blog.novaknet.de\/?p=2417"},"modified":"2016-04-27T09:18:46","modified_gmt":"2016-04-27T07:18:46","slug":"sametime-video-manager-expired-certificate-exchange-root-cert-and-trust-15-years","status":"publish","type":"post","link":"https:\/\/blog.novaknet.de\/?p=2417","title":{"rendered":"Sametime Video Manager expired certificate – exchange root cert and trust 15 years"},"content":{"rendered":"

This is an old one, but it seems it happens a lot of again.<\/p>\n

With the installation of the IBM Sametime Video Manager gold edition (sept. 2013), the Video Manager generates an self-signed<\/strong> one year<\/strong> <\/span>valid ssl certificate.<\/p>\n

\"2016-04-22_11-46-20\"<\/a><\/p>\n

This certificate has to be trusted inside the Sametime Media System to connect via port 5061\/5081 between Media Conference Bridge and Video Manager<\/span><\/p>\n

IBM Wiki:\u00a0Import the Video Manager’s certificate to the Conference Manager<\/a><\/p>\n

After a year you get a new self-signed certificate on the Video manager and the connection\u00a0between Media Conference Bridge and Video Manager ist broken (error 503). You could trust the new Video Manager certificate inside the Media Conference Bridge, but this is – again – for one year.<\/p>\n

IBM already documented to change the certificate to a longer valid certificate or root certificate (15 years).<\/p>\n

IBM Docu:\u00a0Sametime 9 Video Manager – A\/V call fails due to default root certificate expires in one year<\/a><\/p>\n

Because of many people having problem with this documentation i will give you some more details and screenshots\u00a0for this to work (from zero2hero)<\/p>\n

\n
    \n
  1. Login to the Sametime Video Manager ISC (https:\/\/yourvmgrserver:9043\/ibm\/console)<\/li>\n
  2. Navigate to Security<\/em><\/span> > SSL certificate & key management<\/em><\/span> > key stores & certificates<\/em><\/span><\/li>\n
  3. Select the option (or key store) NodeVMGRKeyStore<\/strong><\/span><\/li>\n
  4. Navigate to personal certificate<\/span><\/em> and press the button „import certificate from a key<\/span><\/strong>“
    \n    \"2016-04-22_11-52-39-2\"<\/a><\/li>\n
  5. Select the key store NodeDefaultKeyStore<\/span> and enter the key store password (use „WebAS<\/span>“ because it is the default password for all websphere based keystores) and press button „Get key store aliases<\/span><\/strong>„<\/li>\n
  6. Select in the field certificate alias to import<\/span> the value default<\/strong><\/span> and press the button OK
    \n    \"2016-04-22_11-49-31\"<\/a><\/span><\/strong>
    \n<\/span><\/li>\n
  7. You should now see a certificate called default<\/span><\/strong> with a self-signed root certificate<\/span> (valid for 15years) in common.
    \nPress\u00a0SAVE<\/span><\/strong>\u00a0to write the master configuration.
    \n    \"2016-04-22_11-52-39\"
    \n<\/a>You now need to assign the new certificate to the application server<\/em><\/span><\/li>\n
  8. Navigate to Security<\/em><\/span> > SSL certificate & key management<\/em><\/span> > Manage endpoint security configurations<\/span><\/em>\n