IX Workplace, certificates and TLS

(OP)
Hello all,

Thought I would start a new thread as my other was getting too cluttered and I think I may be getting close to getting this working.

I have exported the certificate here and re-named it: WebRootCA.pem




Does this certificate then get uploaded to:?




Next would be creating the Identity Cert for the IPO Itself. How does this look?



Once downloaded as "PEM-encoded" I would add that certificate to the IPO.

After all that, and I enable TLS should my J179's grab the certificate and re-register to the IPO? What about iPhones running the Workplace App?

Thank you!

ACSS

RE: IX Workplace, certificates and TLS

(OP)
Does the WebRootCA.pem downloaded from Web Manager just get placed in the "Primary" folder of embedded file manager?

When I try and place it in: "Primary > certificates > TCS > ADD" I receive the error "HTTP request failed: 403 Forbidden"

ACSS

RE: IX Workplace, certificates and TLS

(OP)
derfloh: when I go to that address it does give me the option to Open or Save it. Is this what needs to be loaded on the external Devices (iPhones / Laptops)?

ACSS

RE: IX Workplace, certificates and TLS

(OP)
derfloh: Thank you. I have disabled "HTTP Avaya Phones Only" and enabled "SIP Remote Extension Enable"

When you say "you have to replace the IP of that of your IPO" where are you referring to?

How does my Identity Certificate look above?

Are there any other certificates needed other than the WebRootCA.pem and the Identity Certificate for the IPO? Does WebRootCA.pem just get downloaded and loaded to external PCs/phones to run IX Workplace outside of my LAN?

Once I enable TLS will my J179's grab the correct certificates? I am assuming I will need to default them?

ACSS

RE: IX Workplace, certificates and TLS

The phones will load 46xxsettings.txt and it references WebRootCA.pem.

If the IPO IP is 192.168.42.1 you can get the root certificate by loading http://192.168.42.1/WebRootCA.pem or http://192.168.42.1:8411/WebRootCA.pem

If the IP is 172.30.20.1 you have to open http://172.30.20.1/WebRootCA.pem or http://172.30.20.1:8411/WebRootCA.pem

Certificate looks correct.

IP Office remote service
IP Office certificate check
CLI based call blocking
SCN fallback over PSTN

RE: IX Workplace, certificates and TLS

(OP)
derfloh: Thank you.

ACSS

RE: IX Workplace, certificates and TLS

(OP)
derfloh: The documentation says when creating the Identity Certificate to select the "Regenerate" Button and then to Download (PEM-encoded)

When selecting the "Regenerate" button I get this pop-up with the option to download:



Does this get loaded as well or only the .pem file?



Lastly, should I Change the Duration to 398 days?




ACSS

RE: IX Workplace, certificates and TLS

2
Until the end of September 825 days will work. Certificates created later must not be valid more than 398 days.

The p12 file is fine. It contains the server certificate as well as the root certificate.

Only regenerate and apply works for primary servers. If you create a certificate for another machine, the way you did it is correct, i.e. for an IP500.

RE: IX Workplace, certificates and TLS

(OP)
derfloh: Thank you. So in the IPO Security Settings > Import Certificate from File, I am only uploading the p12 file, correct? Basically the cert.pem won't be used?

ACSS

RE: IX Workplace, certificates and TLS

(OP)
derfloh: Thank you Sir. Would be nice if the documentation mentioned some of these things.

When visiting http://172.30.20.1/WebRootCA.pem - is this the certificate that I download and install on remote devices (PCs / cell phones)?

Tomorrow I will load the p12 certificate to "IPO Security Settings > Import Certificate from File" and enable TLS. Is there anything else I may be missing? Will I need to factory default my J179's to grab the certificates? Will all devices now use TLS?

ACSS

RE: IX Workplace, certificates and TLS

(OP)
I thought of one more question in regard to creating my Internal DNS A-Record from ix.pfcommunications.com to the PBX.

LAN: 192.168.1.251 (Data VLAN)
WAN: 172.30.20.1 (Voice VLAN)
Internal DNS Server: (192.168.1.5) (Data VLAN)

Everything is programmed on the IPO on the Voice VLAN (DHCP Server for the phones, SIP Trunk, SIP Domain Name, SIP Registrar FQDN) and so on.

Will it work if we do an Internal A-Record from ix.pfcommunications.com to the 172.30.20.1? Or does the A-Record have to stay on the Data VLAN and go to 192.168.1.251? If so, will I need to update my Identity certificate from 172.30.20.1 to 192.168.1.251?

I have IX Workplace working Internally on the Data and Voice VLAN.

Thanks!

ACSS

RE: IX Workplace, certificates and TLS

Using a self-signed cert? Just add both IPs in your SAN for the identity certificate. For real-world 3rd party certs (GoDaddy, Verisign), everything is done with DNS entries in the SAN, not IPs.

RE: IX Workplace, certificates and TLS

(OP)
Thanks gents: I updated my Certificate SAN to: DNS:ix.pfcommunications.com, IP:172.30.20.1, IP:192.168.1.251, IP:50.245.XXX.XX, URI:sip:ix.pfcommunications.com

ACSS

RE: IX Workplace, certificates and TLS

(OP)
Ok so I added the certificate and enabled TLS - PBX did a re-boot and the phones logged back in.

How do I know everything worked? Should my J179's show a certificate? IX Workplace still works internally on my laptop.

I did see under "Advanced" > "Identity Certificate" shows "No Certificate Installed"












I am seeing a TLS Error from my Vantage Phone:





ACSS
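
One way to check offline what the posts above discuss (the identity certificate chaining to the root that phones trust, the SAN covering every name and IP clients use, and the 398-day limit), as an added example that is not part of the original thread. It builds a throwaway root and identity certificate with constructed names and documentation-range IPs; on a real system, point the three check functions at the downloaded WebRootCA.pem and the identity certificate instead.

```shell
#!/bin/sh
# Added example: offline checks of an identity certificate against its root CA.
# All names, addresses and file names below are constructed sample values.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_sample_certs() {   # throwaway root (stand-in for WebRootCA.pem) plus a leaf
  cat > "$WORK/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Sample Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  printf 'subjectAltName=DNS:ipo.example.test,IP:192.0.2.10,IP:198.51.100.10\n' > "$WORK/san.ext"
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$WORK/ca.key" -out "$WORK/WebRootCA.pem" 2>/dev/null
  openssl req -new -config "$WORK/ca.cnf" -subj "/CN=ipo.example.test" -newkey rsa:2048 \
    -nodes -keyout "$WORK/ipo.key" -out "$WORK/ipo.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/ipo.csr" -CA "$WORK/WebRootCA.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 398 -extfile "$WORK/san.ext" -out "$WORK/ipo.pem" 2>/dev/null
}

chains_to_root() {      # $1 = root PEM, $2 = identity cert PEM
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

san_has() {             # $1 = cert, $2 = exact entry, e.g. "IP Address:192.0.2.10"
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
    tail -n 1 | tr ',' '\n' | sed 's/^ *//' | grep -qxF "$2"
}

expires_within() {      # $1 = cert, $2 = days; true if notAfter is at most $2 days from
  # now. Run right after issuance, this bounds the validity period.
  ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

make_sample_certs
chains_to_root "$WORK/WebRootCA.pem" "$WORK/ipo.pem" && echo "chain: OK"
for entry in "DNS:ipo.example.test" "IP Address:192.0.2.10" "IP Address:203.0.113.5"; do
  if san_has "$WORK/ipo.pem" "$entry"; then echo "SAN has $entry"; else echo "SAN MISSING $entry"; fi
done
if expires_within "$WORK/ipo.pem" 398; then echo "validity <= 398 days"; else echo "validity too long"; fi
```

A client that connects by an address missing from the SAN (the third entry in the loop) is expected to reject the certificate even though the chain itself verifies.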

RE: IX Workplace, certificates and TLS

(OP)
derfloh: Yes it is.

ACSS

RE: IX Workplace, certificates and TLS

(OP)
SET TRUSTCERTS WebRootCA.pem is in my autogenerated 46xxsettings.txt

ACSS

RE: IX Workplace, certificates and TLS

(OP)
Is this part of the problem perhaps?

ACSS

RE: IX Workplace, certificates and TLS

(OP)
I have discovered some sort of issue that may be causing a problem, and it's boggling my mind.

I have my PBX (LAN) on the Data VLAN just so I can access the PBX from my desktop.

I have everything else on the Voice VLAN (WAN): DHCP Server (IPO), J179's, SIP Trunk, SIP Domain/Registrar FQDN, Avaya cloud services and so on.

Both VLANs are configured identically aside from the IP Scheme.

Both VLANs have no issues getting out to the internet.

I just noticed yesterday that IX Workplace will ONLY work on my DATA VLAN.

When I try to log in on my Voice VLAN with my email address, I get "Check your web address and try again"

No issues logging in the same way on my data VLAN.

ACSS
