Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

WebLM and AAM

WebLM and AAM

WebLM and AAM

We have 3 duplex CM's that are located in Asia, Europe, and US from these we are deploying several survivable sites. The first was deployed along with the System Manager and uses the SMGR as its WebLM, all is ok there. The new Duplex's that are deployed in Asia and US have also had standalone WebLM deployed with them as each location has AAM which doesn't support centralized licensing. The problem I have is both AAM have License errors even though each WebLM has AAM Licenses loaded. I think it is probably a certificate issue (not sure). I did save the certificate from the WebLM browser and added it as a TM_INBOUND_TLS trusted certificate to the System Manager in the inventory as described in the WebLM deployment.

So far the AAM has been deployed with the 7.1 OVA and Patches added to SP2 and pr req CM patches were done. Added the SMGR CA certificate to the Trusted Certs and created an endpoint certificate in SMGR and put that in the server/application certificates.

RE: WebLM and AAM

I did the same for the CM's which are on the same WebLM as the AAM (did not go for centralized licensing on CM as we were deploying the WebLM's anyway for the AAM) and the CM got its license ok (CM and WebLM are 8.0)

RE: WebLM and AAM

I've noticed once that deploying AAM 7.1 OVA didn't fill in the hostname from the OVA template, so it was empty in server role and it made WebLM refuse it because WebLM always logs the hostname of the requesting entity.

So, adding the right hostname in server role fixed something like that once for me.

RE: WebLM and AAM

So there isn't a server role option but there was no Hostname in the network settings like you say it was not configured, I added it but it didn't make a difference (I stoped messaging and restarted the server for good measure but still the same). In CM you set the SID to match the one on the license under server role, can the same be done on the AAM considering that I do not have a server role option?

RE: WebLM and AAM

yeah, that's what I meant. weblm has a log file - i'd look there.

I believe new WebLM now has its own little CA if you have to use it standalone and you probably can't easily get the CA cert. If you can wireshark your Windows PC making a TLS handshake and extract the CA cert like this:

You could try adding that to AAM's trusted CAs

RE: WebLM and AAM

Ok so i got it working so here goes if you look in WebLM server CLI


if you look at the the security realm for the WebLM

You can see it is using a self signed Cert "weblmselfsigned.p12" so you can go to you SMGR and much the same as you would for a CM produce an new endpoint INBOUND_OUTBOUND_TLS CERT which produces a new .p12 Certificate when you create the keystore in public web. SFTP the file over to the WebLM and put it in the folder:


Then SSH to the WebLM and su to root user then:

root >service jboss stop
root >cd /opt/Avaya/JBoss/wildfly-10.1.0.Final/standalone/configuration
root >vi standalone.xml <--other text editors are available I use vi as its fairly simple and on all/most linux OS

alter the cert in the standalone.xml (big gap between mynewcert and .p12 is just because i removed the real cert name)

And save the standalone.xml

root >service jboss start

go back to AAM Stop Messaging, reboot server and heh presto license state normal

RE: WebLM and AAM

Good on ya for finding that! Was it in the weblm standalone doc?

RE: WebLM and AAM

Yep in the "Administering standalone Avaya WebLM" for Release 8.0 (version I was using was dated July 2019) on page 47 "Replacing SIP CA or self-signed certificate with third-party certificate" then just made the rest up smile

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close