Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IP500, SBC setup using external CA with workplace

Status
Not open for further replies.

phil204

Technical User
Apr 13, 2011
25
GB
Been working on this for quite some time and now hit a brick wall, any help or advice woul dbe greatly received.

Setup

IP500V2 R11.1
ASBCE R8.0
Server edition running as an app server

Customer security checks deem self signed certs as a security risk so ahve demanded we use an external CA

Looking at the docs, my exact sceanrio isnt referred to so having to work blind.

1. Followed docs to apply the .p12 file to the IPO
2. Followed docs to apply SBCE certs (ipo root and ID)

All applied yet the app works without installing the cert. also cannot setup ising web address, advises "a server with the specified hostname could not be found." but does work manually configuring.

I appreciate there are a lot of factors and information that might be required here but reaching out to see if anyone has this setup working?

As a note the whole setup works using self signed certs generated
 

thanks for the reply

it only conatins the the following,

Subject Alternative Name(s): Enter comma separate DNS:<FQDN> and IP:<public IP> entries

cannot put internal IP's as the CA won't allow
 
If you are using an external CA, then you need:
For the IPO: .pfx incluing ID Cert, all intermediates and the key. Upload as normal with Manager/Web Manager.
For the SBC: ID cert with intermediates attached, the intermediate bundle file and the key file/password. Uploadeed to Server and Client ASBCE TLS profiles.

No need to upload the root file anywhere else.

If you are using an external public CA, it won't have the IPs in. They haven't allowed IP addresses as a SAN for about 5 years! Avaya still keep asking for it though!! Idiots!

"a server with the specified hostname could not be found" Soudns liek you have DNS not configured somewhere.

Jamie Green

[bold]A[/bold]vaya [bold]R[/bold]egistered [bold]S[/bold]pecialist [bold]E[/bold]ngineer
 
@jamie77 thx for the input, couple of questions,

This is the same certificate right?? So i just get the .pfx and alos the root, intermidiate and identity but apply them as per the below?
If you are using an external CA, then you need:
For the IPO: .pfx incluing ID Cert, all intermediates and the key. Upload as normal with Manager/Web Manager.
For the SBC: ID cert with intermediates attached, the intermediate bundle file and the key file/password. Uploadeed to Server and Client ASBCE TLS profiles.

works ok twhen manually entering the FQDN so i am confident DNS is good
"a server with the specified hostname could not be found" Soudns liek you have DNS not configured somewhere.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top