Avaya Aura System Manager v10. Active Directory CA deployment issue

Faisal Raza

Systems Engineer
Apr 6, 2021
Hi Everyone,

I am trying to replace the Avaya Aura System Manager v10 SSL certificate with our local Active Directory CA server. Can anyone please assist with a step-by-step procedure?

Thanks
 
We have integrated AD into SM to allow us to log in using our ADID. Is that what you mean?
 
In our case we are using an AD CA server; all our applications / servers are being signed by that local CA server. In the same way, we need to replace the System Manager's SSL certificate with our Active Directory Certificate Authority server.

If any detailed document or guidance is available, kindly share.

Thanks
 
In System Manager go to Services -> Inventory -> Manage Elements.

Check your System Manager server and in the More Actions drop down go to Manage Identity Certificates.

You can then replace the certificates. Generally speaking you should generate a CSR and use that to get a signed certificate from your AD Certificate Services host.

Once done you can then import the certificate.

Don't forget to upload the AD Root CA to each of your Aura hosts' trusted certificate store so that they trust the signed certificate(s).
 
Hi Shaun,

I've followed the same and then combined the root CA of my AD CA server, then created a PFX file with password/key.

-----BEGIN RSA PRIVATE KEY-----
Server Key File
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Server cer generated by Local CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Server CA Certificate
-----END CERTIFICATE-----

I've modified the openssl.cnf file according to the required attributes to generate the CSR.

[req]
# Take the subject from this file instead of prompting for each field
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = CN
stateOrProvinceName = Province
localityName = City
organizationalUnitName = Co. Ltd.
commonName = ASMGR.DOMAIN.com
emailAddress = dsd@DOMAIN.com

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = ASMGR.DOMAIN.com
DNS.2 = VASMGR.DOMAIN.com
DNS.3 = ASMGR
# IP addresses go in IP entries, not DNS entries
IP.1 = 10.XX.XX.XX

Still getting the error mentioned below upon replacing with the PFX certificate in "Manage Identity Certificates".

  • The following errors have occurred:

  • Extended Key Usage does not match with the existing certificate.

Please advise accordingly if there's any solution for this issue.

Regards.
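
A pre-import check related to the "Extended Key Usage does not match" error reported above, as an added example that is not part of the original thread or of Avaya's tooling: it compares the EKU purposes in the currently installed identity certificate with those in the certificate returned by the CA. The function names, file names and throwaway sample certificates are assumptions made for illustration, and it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the thread): compare the Extended Key Usage of the
# identity certificate currently installed with the one the CA returned.
# Usage: sh check_eku.sh existing.pem new.pem   (file names are placeholders)

# Print the EKU purposes of a PEM certificate, one per line, sorted.
# Prints nothing when the certificate has no EKU extension.
eku_of() {
    openssl x509 -in "$1" -noout -text |
        awk '/X509v3 Extended Key Usage/ { getline; print; exit }' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | sort
}

# Return 0 when both certificates carry the same EKU set; otherwise list the
# purposes found in only one of them and return 1.
compare_eku() {
    old=$(eku_of "$1")
    new=$(eku_of "$2")
    if [ "$old" = "$new" ]; then
        echo "EKU sets match"
        return 0
    fi
    echo "$old" | while IFS= read -r p; do
        [ -n "$p" ] || continue
        echo "$new" | grep -Fxq -- "$p" || echo "only in existing: $p"
    done
    echo "$new" | while IFS= read -r p; do
        [ -n "$p" ] || continue
        echo "$old" | grep -Fxq -- "$p" || echo "only in new: $p"
    done
    return 1
}

# Constructed sample input: a throwaway self-signed certificate with the given
# EKU list, standing in for a real certificate when trying the check offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=asmgr.example.test" \
        -keyout "$1.key" -out "$1" \
        -addext "extendedKeyUsage=$2" 2>/dev/null
}

# Compare two certificates when the script is given two file arguments.
if [ "$#" -eq 2 ]; then
    compare_eku "$1" "$2"
fi
```

Running the same comparison against the CSR's requested extensions and the issued certificate shows whether the CA kept the EKU values that were requested.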
 
Hi guys,

After upgrading System Manager, Communication Manager and Session Manager from versions 8.1 to 10.2, SIP device phones display the error message "not found @ domain" when accepting a call from an H.323 device. It does not display the name and first name. All of that is in the case of imposing the French language on the SIP device.
I changed the French language to English and the problem is solved, and the SIP device displays the cord of the caller.
Please, what happened? Help me, what is the problem?

best regards
 
Hello Chakin.

Please don't mix the topics. Let this thread be original to resolve the actual issue. Kindly post a new topic for your issue so people can help you accordingly.

Thanks for your kind understanding.
 