×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Equinox Issue

Equinox Issue

Equinox Issue

(OP)
Setup a new customer on Equinox yesterday (after several weeks of back and forth with the customers IT for the certificate and firewall works).

This customer has 8 sites, all on IP500s on R11 connected via SCN. Therefore we purchased a SAN Cert with all 8 DNS names entered into the cert as site.company.com

Uploaded the cert to the first system and when I go to https://site.company.com/46xxsettings.txt it returns the correct file with what appear to be all the correct settings in it and shows a valid cert with all the correct settings showing.

I therefore setup equinox on mobile with the https://site.company.com/46xxsettings.txt, and then login and I get the error

VoIP Phone Service Unavailable - Invalid SIP domain

I have a play with the app and if I turn off TLS and amend the port from xx61 to xx60 (we dont use 506/5061) the app logs in perfectly fine as TCP and I can make and receive calls.

This leads me to think the issue is related to the certs in some way (this is the first SAN we have used, out hosted uses a wildcard cert and in house we have a single site cert), but not sure what that issue could be.

Any thoughts/ideas on where to look?

| ACSS SME |

RE: Equinox Issue

Along with the lists os FQDNs in the SAN cert, have you added the domain also. It sounds like you haven't.

the cert should include both FQDN AND domain. ie, site1.company.com AND company.com is the SANs.

Equinox is fine with a wildcard cert, but you won't get SRTP I don't think. Always best to get a Multi SAN cert and you are covered for all. Wildcard certs are not allowed in the SIP RFCs.

Jamie Green

Avaya Registered Specialist Engineer

RE: Equinox Issue

(OP)
Hi Guys

Thanks for the replies, I think jamie has hit the nail on the head - with a wilcard cert this isn't an issue, but on the SAN we do not have just company.com on there (but on checking our in house Cert we do have just company.com on ours)

As the domain is only being used for Equinox I am going to try and cheat the IPO by just amending the domain on there to the FQDN and see what happens, before we deal with getting the certificate amended.

| ACSS SME |

RE: Equinox Issue

(OP)
Just to update, I changed the domain on the VoIP tab from company.com to site.company.com and now Equinox connects without complaint over TLS and calls work without issue.

| ACSS SME |

RE: Equinox Issue

Getting the right certs out of customer is very challenging!! We are finding that most IT people have no idea how to do it!!!

Jamie Green

Avaya Registered Specialist Engineer

RE: Equinox Issue

(OP)
This one was our fault, it is the first SAN we have suggested to a customer and only told them to setup the 8 site.company.com names on it.

| ACSS SME |

RE: Equinox Issue

I have the exact same situation. Is there a workaround short of getting a new certificate with the domain name listed?

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close