Certificates for app server

(OP)
I have an IP Office R10 (192.168.0.1) and a Linux based app server running One-X and WebRTC (192.168.0.2). I'm working on getting this set up for the Avaya Communicator for web and I have a wildcard certificate. I went into the app server, Platform View, Settings tab, and imported my wildcard certificate. Then I went to Security Manager, Certificates, and clicked Set selecting my cert. I rebooted the app server.

I'm still seeing the original iposerver-123456789.avaya.com certificate being used in the browser when I go to https://presence.domain.com:7443 and https://192.168.0.2:7443 (I added an entry into my host file for the url). I'm also getting a 404 when I try to go to https://presence.domain.com:7070/PhoneServer and https://192.168.0.2:7070/PhoneServer. Does anyone have any insight on what I need to do to get the correct cert to be used and why I'm getting a 404 when I try to hit the WebRTC test page? I've verified the One-X and WebRTC services are running.

RE: Certificates for app server

Did you import the certificate into your browser or certificate store (depending on the browser you use)?

The truth is just an excuse for lack of imagination.

RE: Certificates for app server

(OP)
My bad, I left that part out. I did import it into Firefox just for giggles. The site still shows it's trying to use the iposerver-123456789.avaya.com cert even though I'm showing my wildcard cert under the Issued To on my app server.

RE: Certificates for app server

(OP)
I loaded the cert onto the IP Office and now I can get a secure connection if I go to https://presence.domain.com and https://media.domain.com but I get the following error on each page. If I try to add the test port :7443 I get the original cert error showing it's trying to use the iposerver***** cert. If I add the :7070/PhoneService I get the wrong cert again and still get a 404.

CODE -->

URI contains invalid FQDN. DNS resolved address does not match the Interface address 

RE: Certificates for app server

(OP)
I've made it further now but it's still wanting to use the default certificate rather than the wildcard I set on the app server. The wildcard cert is shown when I go to the home page of the app server but when I go to either :7070 or :9443 it tries to use the default cert.

RE: Certificates for app server

I answered in your other ticket, guess we have duplicate threads now

You must tick "Renew automatically" when you import the certificate, otherwise it won't update it on all applications.

"Trying is the first step to failure..." - Homer

RE: Certificates for app server

(OP)
I shouldn't have mentioned the cert issue on that other post, that thread was about the ports being used. I don't see an option to renew automatically on the app server cert section, that is on the IP Office itself.

RE: Certificates for app server

(OP)
This doesn't make any sense. I regenerated a cert on the app server and set it. I exported it and loaded it into my browser. When I go to https://IPOFAPPSERVER I get a secure connection and verified that it was the cert I had just generated. If I go to https://IPOFAPPSERVER:7070 it resorts back to the original certificate. I connected to my app server (CentOS) via WinSCP and did a search for *iposerver*. The only thing that comes up is the certificate I just generated. I'm sure this is something small that I'm missing or maybe I just have an issue with my build.

RE: Certificates for app server

"Trying is the first step to failure..." - Homer

RE: Certificates for app server

(OP)
Yup, I just hit my idiot button... I was in 7070, not 7071. Janni78 I owe you a brew or two!!

RE: Certificates for app server

I gave him some pink as he spelled it out for you

RE: Certificates for app server

=) To your defence it isn't that clear, I had to read it through a couple of times to figure it out the first time.
It would be easier to only have one place to handle certificates but apparently they needed to complicate things.

It seems like you're supposed to import your root and intermediate certs in the 7070 cert page, and also enable "Offer Chain" if you have issues with, for example, One-X Mobile.

"Trying is the first step to failure..." - Homer

RE: Certificates for app server

(OP)
Well that was exactly what I needed to get my wildcard cert working. Thanks again!! Now if I can just figure out why Avaya Communicator for web won't connect. I can hit the https://EXTERNALIPFORAPPSERVER:9443/PhoneService and log in using a user's account on the IP Office but for some reason the Communicator Chrome extension won't connect. It just spins.

RE: Certificates for app server

To advise, I never use the webmanagement pages to add a certificate, do it all from security as follows:-

Log in to the Server Edition with IP Office Manager and switch to Security Settings
Navigate to System>Certificates.
Under Trusted Certificate Store, Click "Add" and browse to the location where you unzipped the files earlier. Select the Intermediate.cer file
Under Identity Certificate, ensure that Offer ID Certificate Chain checkbox is ticked and then click "Set".
Check "Import certificate from file" and click "OK" and browse to the location where you unzipped the files earlier.
Next to the Filename, click the dropdown and select "Personal Information Exchange (*.pfx)" and select the .pfx file and click "Open"
Enter the password
Click "OK" in the Security Settings and then Save. This will restart all the IP Office services.
After waiting a couple of minutes browse to https://{clientname}.FQDN:7070 and ensure that your browser shows the green padlock.

Has worked every time.

| ACSS SME |
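
A way to check which certificate each listener actually presents after a change like the ones described in this thread, as an added example that is not part of any post above. The port list is taken from the thread (443 is assumed for the plain https:// home page); the expected value is the SHA-256 fingerprint your browser shows for the wildcard certificate, and the function names are this example's own.

```python
import hashlib
import socket
import ssl
import sys
from collections import defaultdict

# Ports mentioned in the thread; 443 is an assumption for the https:// home page.
THREAD_PORTS = (443, 7070, 7071, 7443, 9443)


def fetch_leaf_der(host, port, timeout=5.0):
    """Return the DER-encoded leaf certificate the listener presents.

    Chain and hostname verification are off on purpose: this is an inspection
    tool that must also see an untrusted default certificate.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    if der is None:
        raise ssl.SSLError("no certificate presented")
    return der


def fingerprint(der):
    """SHA-256 fingerprint formatted like a browser's certificate viewer."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_ports(host, ports, expected_fp, fetch=fetch_leaf_der):
    """Group ports by served certificate and list those not serving expected_fp."""
    by_fp, errors = defaultdict(list), {}
    for port in ports:
        try:
            by_fp[fingerprint(fetch(host, port))].append(port)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            errors[port] = str(exc)
    mismatched = sorted(p for fp, ps in by_fp.items() if fp != expected_fp for p in ps)
    return {"by_fingerprint": dict(by_fp), "mismatched": mismatched, "errors": errors}


if __name__ == "__main__":
    # Usage: python cert_audit.py <host> <expected SHA-256 fingerprint>
    report = audit_ports(sys.argv[1], THREAD_PORTS, sys.argv[2].upper())
    for fp, ports in report["by_fingerprint"].items():
        print(ports, fp)
    print("not serving expected cert:", report["mismatched"], "errors:", report["errors"])
```

Ports listed under "not serving expected cert" are the ones whose certificate still has to be set in the matching management page.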
