Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
AES6.x Renew server certificate by PSN004561u
- Thread starter jTanic
- Start date
It's pretty basic stuff. Say the equivalent of not using the default password your administrator gave you as far as configuring inter-server communication is concerned.
Now, if you do use TLS links and you do need to change it, get ready for an outage to do it, and make sure you lab it out 5 ways from Sunday first. But, spinning up a lab AES in VMWare, even if not licensed, should let you get the whole thing spun up to your CM. You'll be able to go encrypted stuff to the 3rd party apps and to CM, and if you got it right, you'll decrypt messages like "no capacity to do anything because you don't have a license!" and you'll know you nailed it!
Now, if you do use TLS links and you do need to change it, get ready for an outage to do it, and make sure you lab it out 5 ways from Sunday first. But, spinning up a lab AES in VMWare, even if not licensed, should let you get the whole thing spun up to your CM. You'll be able to go encrypted stuff to the 3rd party apps and to CM, and if you got it right, you'll decrypt messages like "no capacity to do anything because you don't have a license!" and you'll know you nailed it!
- Thread starter
- #3
Thanks for the information, it helpful.
However, I want to know how to do it about server certificate will expire January 2018(PSN004561u).
You know any customer using this certificate, AES based client using a TLS connection will not able to communicate with AES server.
I would like to know if you had Avaya support. For example, an renewal certificate was distributed from Avaya.
However, I want to know how to do it about server certificate will expire January 2018(PSN004561u).
You know any customer using this certificate, AES based client using a TLS connection will not able to communicate with AES server.
I would like to know if you had Avaya support. For example, an renewal certificate was distributed from Avaya.
Manage your own certs - that's their answer and practically speaking, also the correct answer.
Think about it - sure, you have encryption and TLS, but how can you trust (and why would you trust) encryption to which you don't control the keys? It's the equivalent of clicking "ignore this web browser warning" and just going along with it anyway. While this was more or less acceptable in the old days, it's less so today.
Like it or not, browsers define web security standards now. Your chrome and firefox automatically update. And if firefox version 348 deprecates allowing you to click past that "invalid cert" message, then you can't see that webpage anymore. So, don't do security at all or do it right. A middle ground of weak security is worse than not being secure at all!
Think about it - sure, you have encryption and TLS, but how can you trust (and why would you trust) encryption to which you don't control the keys? It's the equivalent of clicking "ignore this web browser warning" and just going along with it anyway. While this was more or less acceptable in the old days, it's less so today.
Like it or not, browsers define web security standards now. Your chrome and firefox automatically update. And if firefox version 348 deprecates allowing you to click past that "invalid cert" message, then you can't see that webpage anymore. So, don't do security at all or do it right. A middle ground of weak security is worse than not being secure at all!
- Thread starter
- #5
- Status
Similar threads
- Locked
- Question