Certificates for app server 2

Status
Not open for further replies.

anon0101

MIS
Dec 8, 2014
92
US
I have an IP Office R10 (192.168.0.1) and a Linux-based app server running One-X and WebRTC (192.168.0.2). I'm working on getting this set up for the Avaya Communicator for web and I have a wildcard certificate. I went into the app server, Platform View, Settings tab, and imported my wildcard certificate. Then I went to Security Manager, Certificates, and clicked Set, selecting my cert. I rebooted the app server.

I'm still seeing the original iposerver-123456789.avaya.com certificate being used in the browser when I go to and (I added an entry into my host file for the url). I'm also getting a 404 when I try to go to and Does anyone have any insight on what I need to do to get the correct cert to be used and why I'm getting a 404 when I try to hit the WebRTC test page? I've verified the One-X and WebRTC services are running.
 
Did you import the certificate into your browser or certificate store (depending on the browser you use)?

The truth is just an excuse for lack of imagination.
 
My bad, I left that part out. I did import it into Firefox just for giggles. The site still shows it's trying to use the iposerver-123456789.avaya.com cert even though I'm showing my wildcard cert under the Issued To on my app server.
 
I loaded the cert onto the IP Office and now I can get a secure connection if I go to https://presence.domain.com and but I get the following error on each page. If I try to add the test port :7443 I get the original cert error showing it's trying to use the iposerver***** cert. If I add the :7070/PhoneService I get the wrong cert again and still get a 404.

Code:
URI contains invalid FQDN. DNS resolved address does not match the Interface address
 
I've made it further now but it's still wanting to use the default certificate rather than the wildcard I set on the app server. The wildcard cert is shown when I go to the home page of the app server but when I go to either :7070 or :9443 it tries to use the default cert.
 
I answered in your other ticket, guess we have duplicate threads now

You must tick "Renew automatically" when you import the certificate, otherwise it won't update it on all applications.

"Trying is the first step to failure..." - Homer
 
I shouldn't have mentioned the cert issue on that other post, that thread was about the ports being used. I don't see an option to renew automatically on the app server cert section, that is on the IP Office itself.
 
This doesn't make any sense. I regenerated a cert on the app server and set it. I exported it and loaded it into my browser. When I go to I get a secure connection and verified that it was the cert I had just generated. If I go to it resorts back to the original certificate. I connected to my app server (CentOS) via WinSCP and did a search for *iposerver*. The only thing that comes up is the certificate I just generated. I'm sure this is something small that I'm missing or maybe I just have an issue with my build.
 
[Image: appserver_dzurms.jpg]


"Trying is the first step to failure..." - Homer
 
Yup, I just hit my idiot button... I was in 7070, not 7071. Janni78 I owe you a brew or two!!
 
=) In your defence it isn't that clear, I had to read it through a couple of times to figure it out the first time.
It would be easier to only have one place to handle certificates but apparently they needed to complicate things.

It seems like you're supposed to import your root and intermediate certs in the 7070 cert page, and also enable "Offer Chain" so it if you have issues with for example One-X Mobile.

"Trying is the first step to failure..." - Homer
 
Well that was exactly what I needed to get my wildcard cert working. Thanks again!! Now if I can just figure out why Avaya Communicator for web won't connect. I can hit the and log in using a user's account on the IP Office but for some reason the Communicator Chrome extension won't connect. It just spins.
 
To advise, I never use the webmanagement pages to add a certificate, do it all from security as follows:-

Log in to the Server Edition with IP Office Manager and switch to Security Settings
Navigate to System>Certificates.
Under Trusted Certificate Store, Click "Add" and browse to the location where you unzipped the files earlier. Select the Intermediate.cer file
Under Identity Certificate, ensure that Offer ID Certificate Chain checkbox is ticked and then click "Set".
Check "Import certificate from file" and click "OK" and browse to the location where you unzipped the files earlier.
Next to the Filename, click the dropdown and select "Personal Information Exchange (*.pfx)" and select the .pfx file and click "Open"
Enter the password
Click "OK" in the Security Settings and then Save. This will restart all the IP Office services.
After waiting a couple of minutes browse to and ensure that your browser shows the green padlock.

Has worked every time.

| ACSS SME |
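
The symptom in this thread (the new certificate on one port, the default one on another) can be confirmed per port without a browser. The following is an added example, not part of the original thread and not Avaya tooling: it compares the SHA-256 fingerprint of the certificate you imported with the leaf certificate actually served on each port. It assumes you have the identity certificate exported as a PEM file; the port list is simply the ports named above, and the host name and file path are whatever you pass in.

```python
import hashlib
import socket
import ssl

# Ports named in this thread; adjust to the services you actually run.
THREAD_PORTS = (7070, 7071, 7443, 9443)

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def fingerprint_from_pem(pem: str) -> str:
    """Fingerprint of the certificate you imported, given its PEM text."""
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem))

def served_fingerprint(host: str, port: int, timeout: float = 5.0):
    """Fingerprint of the leaf cert served on host:port, or None if no TLS."""
    ctx = ssl.create_default_context()
    # Inspection only: we want to see the certificate even when it is
    # untrusted or issued for another name, so verification is off here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return fingerprint(tls.getpeercert(binary_form=True))
    except OSError:  # covers refused connections, timeouts and ssl.SSLError
        return None

def classify(expected_fp: str, observed: dict) -> dict:
    """Label each port: 'match', 'different-cert' or 'no-tls'."""
    result = {}
    for port, fp in observed.items():
        if fp is None:
            result[port] = "no-tls"
        elif fp == expected_fp:
            result[port] = "match"
        else:
            result[port] = "different-cert"
    return result

def audit(host: str, pem_path: str, ports=THREAD_PORTS) -> dict:
    """Check every port against the certificate stored at pem_path."""
    with open(pem_path) as fh:
        expected = fingerprint_from_pem(fh.read())
    return classify(expected, {p: served_fingerprint(host, p) for p in ports})

if __name__ == "__main__":
    import sys
    for port, state in audit(sys.argv[1], sys.argv[2]).items():
        print(port, state)
```

Run it as `python script.py <host> <cert.pem>`; any port reported as `different-cert` is still serving a certificate other than the one you set.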
 