Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

AACC security certificate to install on AAAD client

Status
Not open for further replies.
nortavaya

nortavaya

Technical User
Sep 20, 2006
415
0
0
MA
Hi all,

Our customer is running AACC R7 integrated with Aura R8 and I want to know from where I can download the certificate that must be installed on the client PC (with AAAD installed) ?

Do I need to exported only from AACC ? or I need also to export it from SMGR ?

Which is the certificate file that AAAD can accept (.crt or .cer) ?

Thank you in advance for your help.

Regards.
 
Sort by date Sort by votes
I would presume SMGR. AACC needs to use AES for CTI on CM. To do that with the special mode of not needing licensing, it needs to do a secure handshake.

That being the case, it's pretty much required that AES and AACC enroll to SMGR to accomplish all that, so I'd figure that'd be setup in your environment properly.

Do a wireshark of a AAAD trying to connect and put a display filter of "ip.addr == 1.2.3.4" without the quotes presuming 1.2.3.4 was the AACC you were registering to.

When registering, if you see a client hello from you and a server hello back, you can watch the TLS handshake and see what certificate is being offered by AACC that you need to trust.

You can even export it from Wireshark to import into Windows Trusted Root CA store.
 
Upvote 0 Downvote
Hi kyle555,

Thanks for your reply, I found on the documentation that you can also export the certificate from AACC (Security Manager > Store maintenance > Export root certificate) that can be used by client machines

I think don't need to use Wireshark

Thank you.
 
Upvote 0 Downvote
Hi,

On the AAAD logs, I have the below error:

Error (Web Exception) retrieving data from Web Service GetSiteParameterBeforeLogin
EXCEPTION:
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

However, I have install the certificate into PC Agent

Any idea ?

Thank you.
 
Upvote 0 Downvote
pcap it? in the FATAL message when the handshake is refused, it might put some more info in there.

Like, could not establish trust relationship means its probably not because it's expired, but that the code for AAAD applies some strict rules - like if it's a default cert and AAAD wants to see a Common Name or subjectAlternativeName that = the FQDN or something.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SanjayP1976
  • Locked
  • Question
Command to check the SM Certificate expiry
Replies
1
Views
63
JefferP
JefferP
hcmbmt
  • Locked
  • Question
SMGR 6.3 Renew certificate failed
2
Replies
21
Views
534
serg0
serg0
sanniadnan
  • Locked
  • Question
SMGR's (System Manager) Certificate Auto Renewed
Replies
6
Views
165
JefferP
JefferP
PhoneITGuy
  • Question
K175 phone and app install
Replies
0
Views
152
PhoneITGuy
PhoneITGuy
Richard_Harrow
  • Question
Both security modules of session managers are showing as "down" after changing the time on
Replies
6
Views
132
mattKnight
mattKnight

Part and Inventory Search

Sponsor

Back
Top