ACM 7.0 - AES 7.0 - ACR 15.1

[AllanM1973]

Hi Everybody

I did a connection between AES 7.0 and ACR 15.1.
the configuration seems good as before with ACR 11 and AES 6.3
But now the TSAPI and DMCC are DOWN
They are 4 majors alarms :
- DMCC API not running on (AES address) Reason : Remote host closed connection during handshake
- Link to CTI on (AES address) reporting error : NO such TLINK
- Link to CTI on (AES address) reporting error
- Recorder fatal error: Main CTI feed.

I import already the root CA into the ACR server from AES

In the logs of AES, i see this :
- closing channel because of an exception during handshake: Client requested protocol TLSv1 not enabled or not supported

Could somebody have a idea, what is it my mistake please ?

 

[sl1input]

Have you enabled TLS 1.0 in AES?

AES Web GUI > Networking > TCP/TLS settings

Enable all 3 TLS versions

 

[AllanM1973]

Yes they are.
The 3 TLSv1 Protocol have been Configured.

For information into the ACR server (under windows server), I didn't modify the acr.proprieties file. I let the default configuration (so the file is empty).

 

[G van Hamburg]

I’m having the same issue here and I think it might be related to the certificate. I am deploying new certificates with SMGR as CA and will continue tomorrow.

Plan your work............Work your plan

 

[AllanM1973]

Hi everybody,

I follow the documentation "Avaya Contact Recorder"
Release 15.1 Planning, Installation and Administration Guide

Appendix F: Advanced Security Settings
Installing a Signed SSL Certificate

Generating a Certificate Signing Request
You need a Certificate Signing Request (CSR) as the first step of the signing process. When you have it, paste it into the Certificate Authority's web page. To generate a CSR:
1. Re-run the keytool command (still in the keystore directory as above) keytoolcommand -certreq -keystore keystore.jks -alias tomcat
2. Enter the password, which is Contact5tor3.
3. Copy and paste the output into the CA's web page. (Include the BEGIN and END lines.)
4. Complete the verification process
5. Reply to the verification emails and other verification steps until you obtain a signed certificate back from the CA.

But into the step 4, i don't know the process to do it with SMGR, maybe if somebody could guide me how to do it with SMGR maybe my problem will be fix

Many thanks for your help

 

[G van Hamburg]

Hi Allen, to insert smgr certificate in AES just follow Avaya PSN004561u. Also on your AES uncheck DMCC under 'Authenticate Client Cert with Trusted Certs', which can be found under Security, HostAA, service settings. Also note that the name of the T-link must match the settings on ACR. I used the shortname of CM on all fields.

Plan your work............Work your plan

 

[AllanM1973]

I did also the AES with SMGR and follow step by step the creation of certification.
As they said also, i put the file xxx.pem into Program File/Avaya/ContactRecorder/keystore/cacerts
but still have the link TSAPI and DMCC down with alarm no such TLINK.
AES is into 7.0.1 SP4 and patch also the ACR with acr-15.1fp1-1023

I verify if the TSAPIuser and DMCCuser are into CTI and check the unrestricted access for the CTI users.

One of the thing that i didn't do is to import the CA of CSR but for that i must to know how to use the SMGR for the Certificate Signing Request for ACR in the step 4 of generating CSR.

I didn't see any process for AES 7.0 with ACR 15.1 but I saw a lot of process for AES 6.3 with ACR 12.

If somebody did it already just guide please me because i got lose I think

 

[Wanebo]

Steps 3 through 5 refer to things you must do with the certificate authority (CA). This would be whoever issues your certificates, and the process for those steps could be different depending on who the CA is.

 

[AllanM1973]

Thanks Wanebo but I would like to use the SMGR as I did with AES.

For sure i did a bad process and I am in the bad way. Maybe into the Appendix F: Advanced Security Settings, I don't need some step but only "Adding Additional AES CA Root Certificates to ACR". But also this i did.