Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IP Office Server as certificate authority

Status
Not open for further replies.

JazzWizzard

Technical User
Oct 28, 2019
67
CA
Hello everyone,

We have a client that wants to have 3rd party SSL for ease of deployment of IX Workplace (instead of loading the IPO's root CA on their PCs).

Reading Avaya's knowledge base on Implementing IP Office PKI: they talk about having the an external root CA and intermediate CA loaded into the Primary linux server so it can then generate identity certs for the rest of the servers and expansion system in the solution. Since the root CA and intermediate CA are from external authority (ex DigiCert), the identity certificate generated from the Primary Server will be trusted by IX other devices.

The relevant link to the KB is here:
What I'm looking at is approach 2: PKI Trust Domain based on Primary or Linux Application Server Intermediate CA

Has anybody implemeted something like that?
 
A public certificate is in no way more secure than the selfsign certificate from a Server Edition.
I's just easier to use for clients because they already have the Root-CA certificate in the browser or device.
But, in case of Avaya Workplace, this is not needed! Unlike Communicator and older clients, Workplace will read the 46xxsettings file and download the WebRootCA.pem from the IPO and stores it in the client.
You only need to install the root certificate manualy on a PC running Manager or from where Webclient is used. If this is true for a larger number of PC's, your Admin can deploy it with GPO.

It is much less work, and you can do it all without help of other people and resources. Also, remember you need to recreate all identyty certificates every two years.
Not the Root-CA, but the Identity Certificates.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top