
Equinox and certificates 1

Status
Not open for further replies.

davea2

Technical User
Mar 14, 2005
742
GB
Hi

I am trying to set up Equinox using TLS, however certificates are driving me nuts!
I am just a simple telephone engineer and not an IT security guru :)

This is on an IP500, I have the cert from the 500 installed on my PC OK, works fine with Web manager.

When I try to configure Equinox via 46xxsettings.txt it fails with a red triangle and the message 'Failed to parse all certificates'.

Could anyone shed any light on this for me please?

Cheers

 
Is there a 46xxsetting.txt file in your directory?

If so, delete it, and let the system auto-generate a new one.

As long as you have the SIP registrar and other settings set up properly, should be good then.


 
No, I am using the auto generated one with any changes in 46xxspecials.txt (which only relates to making K175 Vantage use TCP instead of TLS)
 
Buy a UCC cert from GoDaddy and set your SANs (Subject Alternative Names) with your FQDN and SIP domain names. Equinox is quite picky with TLS certs. Wildcards (*.domain type) are not allowed with SIP traffic.

This way you don't need to install anything on the PC, it will 'just work' with the auto gen 46xx.

Just to note though: when using these types of certs there seems to be a major issue with ASBCE not liking them with J100s, which we have out with Avaya currently.

Jamie Green

Avaya Registered Specialist Engineer
 
jamie77 - I was coming to the conclusion that a 3rd party cert was the only way I was going to sort it.
The self signed ones cause no end of bother.

Cheers

 
Definitely go the UCC SAN cert route. It will work better and is more secure.

Not recommending it but I have got it working with Wildcards. Search this forum and I'm sure you'll find it in one of the J100 or Equinox threads. Works with both (no SBC).

@jamie77 - thanks for the heads up on the TLS and ASBCE - Classic Avaya. Although now there is TLS and encrypted calls we don't deploy SBC's for remote access. We only use them for SIP trunking. We use Sonus (Ribbon).

What kills me was how easy it was to connect a Polycom via TLS to the IP Office when it took me weeks to get it working with Avaya's own products!

ACSS (SME)

 
That's why we love 'em!! Everything is so easy!!!

Jamie Green

Avaya Registered Specialist Engineer
 
Equinox works OK using TCP, in-house but I get a constant warning triangle that the Contact Service is Unavailable?
 
I have setup a lot of Equinox with Certs.

It's all in the Knowledge base.

Piece of advice: do not touch the 46xxsettings file, keep it autogenerated unless you have experience with custom certs. This is not needed in this case.
 
Hi Folks

I have a GoDaddy UCC cert set with the FQDN and SIP domain.
I have it set in the IPO and if I browse to the URL for Web Manager I get a padlock and the browser reports it's all OK.

Equinox still doesn't like it. The 46xxsettings is auto gen, do I need to save the cert as WebRootCA.pem and upload it somewhere?
Any tips?
It's driving me nuts!

Cheers!

 
I should add that I am having problems with the mobile app on Android.
The desktop app in-house seems fine with the new cert.
 
"do I need to save the cert as WebRootCA.pem and upload it somewhere?"

Yes, to System > Primary folder.

Double check the .PEM file here to make sure you have the right one.

Link

ACSS (SME)
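
Added example (not part of any post in this thread, and not Avaya's tooling): a way to check with `openssl` the two points raised above, that the certificate's SANs contain the required names with no wildcard, and that the PEM file meant for WebRootCA.pem actually parses. The hostnames and function names are hypothetical, and the sample certificates are generated on the spot as constructed input.

```shell
#!/bin/sh
# Added example. Hostnames are constructed placeholders, not from the thread.

# Print each DNS SAN of the first certificate in a PEM file, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if every required name is a SAN and no SAN is a wildcard.
check_sans() {
    pem=$1; shift
    sans=$(cert_sans "$pem")
    [ -n "$sans" ] || { echo "no DNS SANs found (or file did not parse)"; return 2; }
    if echo "$sans" | grep -q '^\*\.'; then
        echo "wildcard SAN present"; return 1
    fi
    for name in "$@"; do
        echo "$sans" | grep -qixF "$name" || { echo "missing SAN: $name"; return 1; }
    done
    echo "SANs OK"
}

# Count the certificates in a PEM file or bundle that openssl can parse.
pem_cert_count() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null |
        grep -c '^subject' || true
}

# Constructed sample input: throwaway self-signed cert with the given SANs.
make_sample_cert() {  # usage: make_sample_cert OUT.pem "DNS:a,DNS:b"
    d=$(mktemp -d)
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\nprompt=no\n' > "$d/c.cnf"
    printf '[dn]\nCN=sample\n[ext]\nsubjectAltName=%s\n' "$2" >> "$d/c.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/c.cnf" \
        -keyout "$d/key.pem" -out "$1" 2>/dev/null
    rm -rf "$d"
}

work=$(mktemp -d)
make_sample_cert "$work/good.pem" "DNS:ipo.example.test,DNS:example.test"
make_sample_cert "$work/wild.pem" "DNS:*.example.test"
check_sans "$work/good.pem" ipo.example.test example.test || true
check_sans "$work/wild.pem" example.test || true
echo "certificates parsed in good.pem: $(pem_cert_count "$work/good.pem")"
```

`pem_cert_count` only tells you how many certificates in the file parse; it does not validate the chain of trust.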

 
Hmm, same issue.

Strangely if I look at the certificates in Web Manager using Chrome I see The Certificate.
If I use IE I do not.

I exported the cert via Chrome Web manager
 
I got back from GoDaddy our actual cert and a bundle cert, which I assume includes the intermediate and GoDaddy root CA cert?
Can't upload the bundle though, says it's an invalid certificate.
I have our cert set in the IPO and the GoDaddy root CA, although not sure I should need that?

Would I upload the intermediate to the trusted certificate store?
 
I have this

Capture_mt5e5o.jpg
 
You usually need to enable "Offer ID Certificate Chain".

"Trying is the first step to failure..." - Homer
 
I enabled Offer ID Certificate Chain (via Manager Security, Web Manager would not let me do it).

Now the error on Equinox has changed from saying there is a problem with the certificate to 'Configuration Parsing Error'.
(I am setting up via the 46xxsettings.txt file.)
Progress?
 
I don't get how you exported the Cert from Chrome.

You should have a PFX cert with the certificate and the intermediate that you import through the web interface.

"Trying is the first step to failure..." - Homer
 