×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

vMiVB 9.0 and Lets Encrypt certificate generation

vMiVB 9.0 and Lets Encrypt certificate generation

vMiVB 9.0 and Lets Encrypt certificate generation

(OP)
Hi,
Has anyone been able to successfully get Let's Encrypt cert generation to work on a virtual MiVB specifically?
I can do the Let's Encrypt certs on MBG and MiCollab via the MSL interface fine, but the MiVB Server Manager it won't work.
I have tried to configure the Remote Proxy in MBG to forward the request to MiVB, but I have a feeling its not working as MBG is trying to authenticate the Let's Encrypt request and thus failing the connection verification.
Just curious more than anything, to see if anyone has been able to do this. It's strange that Mitel has that ability in MiVB Server Manager but yet it doesnt work properly. Or they don't have the necessary setup within MBG to properly deal with the MiVB Let's Encrypt certificate validation process...

Once again, thanks for the input.

RE: vMiVB 9.0 and Lets Encrypt certificate generation

I have not tried this, but MBG proxy may not handle this.

RE: vMiVB 9.0 and Lets Encrypt certificate generation

I would try upload Let's Encrypt Cert to MBG Proxy, once that's successful, download the Cert from MBG Proxy and upload to other servers (MiVB/MiCollab/etc)
This will remove any SSL cert verification complications as the same SSL auth is used through out.


Clever men learns what Wise men shares!

RE: vMiVB 9.0 and Lets Encrypt certificate generation

(OP)
@Valamagules thanks. I was trying to look for an automated way of keeping the MiVB cert up to date via the automatic Let's Encrypt renewal. since Let's Encrypt only issues 3 month certs, it would get hard to manage always exporting and importing the certs every 3 months.

I think i will open a ticket with Mitel Support and see what they say. Seems strange that MiCollab works ok but MiVB does not. It's probably the fact that MBG does not allow virtual directory access to MiVB other than /server-manager/ (or something like that). MiCollab allows more unrestricted access as it has a public portal. I will post back once I get an answer from them.

RE: vMiVB 9.0 and Lets Encrypt certificate generation

Quote:

I would try upload Let's Encrypt Cert to MBG Proxy, once that's successful, download the Cert from MBG Proxy and upload to other servers (MiVB/MiCollab/etc)
This will remove any SSL cert verification complications as the same SSL auth is used through out.

If you do this, just remeber that it will expire and not renew like a normal Let's Encrypt. But it should work as I have done this. On thing I maght ask, does the name of the MiVB resolve externally to the MBG?

RE: vMiVB 9.0 and Lets Encrypt certificate generation

(OP)
Yep, the DNS name resolves externally to the MBG. I set the MBG up with Remote Proxy Services to the DNS name of the MiVB. Basically the exact same as i have done for MiCollab.
I'm wondering if it has to do with the 'supported applications' tab in Remote Proxy Services? It says MiVB requires minimum admin level access whereas MiCollab requires minimum user level access. Maybe there are permission differences on the webserver of MiVB? Just a theory. Not really sure exactly how ACME protocol works. I haven't dug into the inner workings yet.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close