
Avaya IP Office Web Manager Portal and SSL Certificates

Status
Not open for further replies.

Michael33471

Technical User
Oct 8, 2015
14
AU
Hi All

We are in the process of implementing a new Powered by Solution which ultimately is a virtualised IPO running V11.
Am using J100 Series phones and have TLS 5061 connections only allowed from the handsets.
So I have generated the certificates from the IPO Server Portal 7071, uploaded to the system and handsets work without an issue.

I would like to have a public certificate on the Avaya IP Office Web Manager 7070 portal so that when users access web self management they are not presented with a certificate error.

Have purchased a PositiveSSL Wildcard Certificate from Comodo which granted is a cheap one.
Apply this to the web portal and user access is secured.
Export the certificates and upload to IPO so that the handsets pick them up when connecting however this is where we hit an issue.

As the handset trusts Avaya certificates and now I am not issuing one from the IPO the handsets cannot authenticate.

Has anyone successfully applied a public SSL Certificate to the IPO and used J100 Series phones over TLS and secured the Web Portal Access?

Thanks in advance.
 
Yep.

We use a signed certificate added to the SE via the security section of manager - Intermediate and pfx are added. We then use the PEM encoded certificate downloaded from the 7071 page, which we rename to WebRootCA.pem and upload to /opt/ipoffice/system/primary and this seems to work.

We do use a wildcard certificate so we can have one for all our Powered by Hosted customers and I am not 100% on how it differs when you have a dedicated certificate for that system.

| ACSS SME |
 
Firstly, Wild Card Certs are not supported. You need a UC SAN Cert (way more expensive) which includes both the FQDN of your IPO and the SIP Domain as SAN Entries;

FQDN - ipo.domain.com
SIP Domain - domain.com

If you want to use a wildcard, I suggest you try adding this to your 46xxspecials.txt file;

SET TLSSRVRID 0

ACSS (SME)
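
Added example (not part of any poster's reply and not Avaya code): a Python check of whether a certificate's SAN list covers the two identities named above, the IPO FQDN and the SIP domain, exactly, only through a wildcard, or not at all. Under standard hostname matching a wildcard stands for one leftmost label, so `*.domain.com` does not match the bare `domain.com`. The certificate dicts are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are illustrative.

```python
# Added example: SAN coverage check for the FQDN and SIP domain from the thread.
# Input uses the dict shape returned by ssl.SSLSocket.getpeercert().

def dns_sans(cert):
    """Return the lower-cased dNSName entries of a getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def wildcard_matches(pattern, name):
    """Standard rule: '*' replaces exactly one whole leftmost label."""
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    n_labels = name.split(".")
    return len(p_labels) == len(n_labels) and p_labels[1:] == n_labels[1:]

def coverage(cert, required):
    """Map each required identity to 'exact', 'wildcard-only' or 'missing'."""
    sans = dns_sans(cert)
    result = {}
    for name in (r.lower() for r in required):
        if name in sans:
            result[name] = "exact"
        elif any(wildcard_matches(s, name) for s in sans):
            result[name] = "wildcard-only"
        else:
            result[name] = "missing"
    return result

# Identities as written in the thread.
REQUIRED = ("ipo.domain.com", "domain.com")

# Constructed sample certificates (not taken from any real system).
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.domain.com"),)}
UC_SAN_CERT = {"subjectAltName": (("DNS", "ipo.domain.com"),
                                  ("DNS", "domain.com"))}

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("UC SAN", UC_SAN_CERT)):
        print(label, coverage(cert, REQUIRED))
```
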

 
Thanks all
Pepp77, did you have any issues with the initial certificate download to the phone, was that done over 411 or 8411?
 