Equinox and certificates 1

[davea2]

Hi

I am trying to set up Equinox using TLS, however certificates are driving me nuts!
I am just a simple telephone engineer and not an IT security guru

This is on an IP500, I have the cert from the 500 installed on my PC OK, works fine with Web manager.

When I try to configure Equinox vis 46xxsettings.txt it fails with a red triangle and the message 'Failed to parse all certificates'

could anyone shed any light on this for me please?

Cheers

 

[jamie77]

Go Daddy will give you your ID Cert, a key file and the CA/Root Bundle (gd-bundle-g2-g1.crt). Put all these together as a .P12 and upload in to the IPO. It will put everything in the right places for you.

Jamie Green

[bold]A[/bold]vaya [bold]R[/bold]egistered [bold]S[/bold]pecialist [bold]E[/bold]ngineer

 

[davea2]

Hi Jamie

Yes did that using openSSL and the private key on a Linux machine, and the IPO accepted the P12 so I think that's all in place.

 

[davea2]

So I see different things whether I look at the certificates in Chrome, IE or via manager Security settings.
In Manager I get the below.

The highlighted cert is the intermediate I think:-

 

[jamie77]

Looks just like ours, but in a different order. Not sure the order matters though! The one with a blank name is a Go Daddy one too.

Ours is using an auto gen 46xx. Only other thing is SIP domains etc in the LAN settings. Should work like that.

Can you reset Equinox (Settings>Support>Reset Application) and let it load everything again?

Jamie Green

[bold]A[/bold]vaya [bold]R[/bold]egistered [bold]S[/bold]pecialist [bold]E[/bold]ngineer

 

[davea2]

Hi Jamie

Yep, I have reset the app about 400 times

I will doible check the SIP domains in the IPO but if I need to change I will have to do that tonight due to rebooting.

It's interesting that once I have enabled Offer certifate chain it stopped complaining about the certificate and started complaining about the configuration pasing error.
This is with an auto gen 46xx.
If I set up the app manually it seesm to work but I get a red triagnle complaining the telephony is not connected even though I can make a call.
Very odd

Thanks for all the help everyone, much appreciated

 

[janni78]

But this is only the IP Office, don't you need to install the certificate through Platform View so the certificate gets installed on all applications? , at least that was the way when implementing One-X or WebRTC.

"Trying is the first step to failure..." - Homer

 

[jamie77]

I did ours via Manager security only.

Jamie Green

[bold]A[/bold]vaya [bold]R[/bold]egistered [bold]S[/bold]pecialist [bold]E[/bold]ngineer

 

[davea2]

I have struggled to upload certificates via Web manager, they often get rejected as invalid certificate.
Also see above about different browsers

 

[telecomtekperson]

You can use this to check the cert and see the chain:

https://www.sslshopper.com/ssl-checker.html

Did you follow:

https://www.ipofficeassistance.com/create-3rd-party-certificate/

that worked for me

 

[davea2]

Hi

Thanks for the post

I tried the SSL checker and it's green ticks all the way

I did follow that tutorial, mostly, as we are on an IP500 so I can't SSH to it (that I'm aware of!)