
Import SMGR CA Cert to Session Manager

Status
Not open for further replies.
Looking for best practice guidance on not using the default cert in Session Manager 8.1

I have a newly deployed SMGR 8.1 and Session Manager 8.1
Currently all connected using default certs.

I am looking to harden it a bit and replace it with a System Manager signed cert. I did this a while back, but it seems I cannot find the options to do so anymore.

How do I import the System Manager cert into Session Manager and validate that Session Manager is only using this cert for further communication?



 
As of 6.3.8, initTM makes SM use a cert it requests from your SMGR. initTM -d makes it offer the demo cert on the SIP interface.

Regardless, initTM always makes SM download and trust the SMGR CA cert, because SM always has SMGR-signed certs on its management interface for inter-process communication and DRS.

If you go in inventory, pick your SM, and configure identity certs and check what the Common Name is of the SM100 cert - if it's "not your SMFQDN-SM100.yourdomain.com", then it'd be demo

Easy tip: go in Firefox, - you'll never get a webpage, but you will do a TLS handshake and be able to click the cert in the browser and see what's up
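
The handshake check suggested in the post above, done from a shell with the openssl CLI instead of a browser; this is an added example, not part of the original thread. The host:port, expected CN and SMGR CA file are placeholders you supply (5061, the standard SIP-over-TLS port, is an assumption for the SIP listener), and the sample subject lines in the comments are constructed.

```shell
#!/bin/sh
# Added example: report which certificate a Session Manager TLS listener presents.
# Requires the openssl CLI. All hosts, names and file paths are placeholders.

# Extract the CN from an `openssl x509 -noout -subject` or `-issuer` line.
# Handles both OpenSSL output styles (sample lines are constructed):
#   subject= /C=US/O=Example/CN=host         (older releases)
#   subject=C = US, O = Example, CN = host   (1.1.x and later)
cert_cn() {
  printf '%s\n' "$1" | sed -n 's|^.*CN *= *\([^,/]*\).*$|\1|p'
}

# Compare what was presented with what an SMGR-issued identity cert should show.
# $1 subject line, $2 issuer line, $3 expected CN, $4 subject line of the SMGR CA
classify_cert() (
  cn=$(cert_cn "$1"); issuer_cn=$(cert_cn "$2"); ca_cn=$(cert_cn "$4")
  if [ "$issuer_cn" != "$ca_cn" ]; then echo "not-smgr-issued"
  elif [ "$cn" != "$3" ]; then echo "cn-mismatch"
  else echo "smgr-signed"
  fi
)

# Live check. $1 host:port, $2 expected CN, $3 SMGR CA certificate (PEM file).
# "Verify return code: 0" means the chain validated with the SMGR CA file loaded.
# Some OpenSSL builds also consult the system trust store, so the issuer
# comparison in classify_cert confirms the leaf names the SMGR CA as its issuer.
check_listener() (
  out=$(openssl s_client -connect "$1" -CAfile "$3" </dev/null 2>/dev/null)
  leaf=$(printf '%s\n' "$out" | openssl x509 2>/dev/null)
  [ -n "$leaf" ] || { echo "no-certificate"; exit 1; }
  subj=$(printf '%s\n' "$leaf" | openssl x509 -noout -subject)
  iss=$(printf '%s\n' "$leaf" | openssl x509 -noout -issuer)
  echo "$subj"; echo "$iss"
  printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)' \
    || { echo "chain-not-verified"; exit 1; }
  classify_cert "$subj" "$iss" "$2" "$(openssl x509 -in "$3" -noout -subject)"
)

# Usage: sh check_sm_cert.sh <host:port> <expected-CN> <smgr-ca.pem>
if [ "$#" -eq 3 ]; then check_listener "$@"; fi
```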
 
I checked under Manage Identity Certificates and see the following, but no FQDN names that I can see.

9-10-2019_10-30-29_AM_fhaudt.jpg
 
Sorry cannot seem to get my pic any larger for some reason...

 
Yeah, so you select security module http or sip, scroll down or click view or something and it'll show you info about the certificate being used for the security module.
 
Correct. So, you'd click replace with a CA signed certificate for both security module HTTP and SIP and SM would go get new certs from SMGR to use on those interfaces.

I hope you're in a lab and don't mind breaking things.
 
Looking at some of the options, I think I can simply "replace" it? Would I need to re-sync SM after using initDRS or something?


9-10-2019_11-08-34_AM_poyxnb.jpg
 
Thanks Kyle, yes it is all in a lab right now. I am trying to break stuff on purpose today !!



 
Replace this Certificate with Internal CA Signed Certificate Fails no matter what I enter for information.

I only get
"Error while generating CA signed certificate"




 
Check the management certificate and see if it's good?

I use that feature. Haven't done it to flip from demo to CA signed before though... If you set the enrollment password and initTM -f, it'll start from scratch.
 