Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Avaya Aura System Manager v10. Active Directory CA deployment issue

Status
Not open for further replies.

Faisal Raza

Systems Engineer
Apr 6, 2021
5
SA
Hi Everyone,

I am trying to replace the Avaya Aura System Manager v10 SSL certificate with our local Active Directory CA server. Can anyone please assist step by step procerdure?

Thanks
 
We have integrated AD into SM to allow us to login using our ADID. Is that what you mean?
 
We have integrated AD into SM to allow us to login using our ADID. Is that what you mean?
In our case we are using AD CA server, our all applications / servers are being singed with that Local CA server. The same we need to replace the System Manager's SSL certificate with our Active Directory Certificate Authority server.

If there's any detailed document or guidance is available, kindly share.

Thanks
 
In System Manager go to Services -> Inventory -> Manage Elements.

Check your System Manager server and in the More Actions drop down go to Manage Identity Certificates.

You can then replace the certificates. Generally speaking you should generate a CSR and use that to get a signed certificate from your AD Certificate Services host.

Once done you can then import the certificate.

Don't forget to upload the AD Root CA to each of your Aura hosts' trusted certificate store so that they trust the signed certificate(s).
 
In System Manager go to Services -> Inventory -> Manage Elements.

Check your System Manager server and in the More Actions drop down go to Manage Identity Certificates.

You can then replace the certificates. Generally speaking you should generate a CSR and use that to get a signed certificate from your AD Certificate Services host.

Once done you can then import the certificate.

Don't forget to upload the AD Root CA to each of your Aura hosts' trusted certificate store so that they trust the signed certificate(s).
Hi Shaun,

I've followed the same and then combined the RootCA of my AD CA server. then created PFX file with Password/Key.

-----BEGIN RSA PRIVATE KEY-----
Server Key File
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Server cer generated by Local CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Server CA Certificate
-----END CERTIFICATE-----

I've modified the openssl.cnf file according to the required attributes to generate the CSR.

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName_default = CN
stateOrProvinceName = Provience
localityName_default = City
organizationalUnitName = Co. Ltd.
commonName = ASMGR.DOMAIN.com
emailAddress_max = dsd@DOMAIN.com

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage=serverAuth, clientAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = ASMGR.DOMAIN.com
DNS.2 = VASMGR.DOMAIN.com
DNS.3 = ASMGR

DNS.4 = 10.XX.XX.XX

Still getting error mentioned below upon replacing with PFX certificate in "Manage Identity Certificates".

  • The following errors have occurred:

  • Extended Key Usage does not match with the existing certificate.

Please advise accordingly if there's any solution for this issue.

Regards.
 
hi guys,

After upgrading System Manager Communication Manager and Session Manager versions 8.1 to 10.2
SIP device phones display the error message "not found @ domain" when accepting a call from 'an h323 device it does not display name and first name all that in case of imposing French language with the sip device
I changed the French language to English the problem is solved and the sip device displays the cord of the caller
please what happen help me what is the problem

best regards
 
hi guys,

After upgrading System Manager Communication Manager and Session Manager versions 8.1 to 10.2
SIP device phones display the error message "not found @ domain" when accepting a call from 'an h323 device it does not display name and first name all that in case of imposing French language with the sip device
I changed the French language to English the problem is solved and the sip device displays the cord of the caller
please what happen help me what is the problem

best regards
Hello Chakin.

Please don't mix the topics. Let this thread to be original to resolve the actual issue. Kindly post a new topic for your issue so people can help you accordingly.

Thanks for kind understanding.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top