Fr0gg3r - MaartenS
Technical User
Hi all,
After searching the web for a few weeks I still haven't found a way to fix my problem.
I need to make the switch to SIP TLS to get SSO running for Workplace.
But I just can't seem to get the SIP TLS working on Workplace for newly installed workplace clients.
No issue with the already installed workplace clients.
Setup:
- SE IPO R11.1FP2SP2
- Installed a 3rd party CA domain certificate.
- 5 x Workplace running, using HTTPS (with the domain certificate).
All is working fine using TCP port 5080.
I'm not yet looking at remote working, just want to get it to work internally first.
I don't want to use TLS on the Jseries, create a 46xxspecials with siptcontroller= IP:5080 tcp
-> works good.
So: I enable TLS for port 5081 in the configuration of the IPO, after a reboot TLS is active.
As a test I manually edit the configuration of the Workplace client and set it to TLS port 5081
-> logout/login -> PREFECT it is running on TLS now !
-> I see in Sysmon + SSA that the client is using TLS. Wireshark SIP is now not readable anymore, just TLS packets.
Now the issue:
I reset that Workplace client 'reset application':
Configure it via e-mail address -> it gets the 46xxsettings file -> I enter login credentials.
-> does not work.
-> the client is now not even able to connect the HTTPS(no green marker for presence), SIP not logged in on IPO.
trace of sysmon:
pcap of Workplace for HTTPS port 411:
I'm byfar an expert in this matter, but is does seems to be the correct workflow.
pcap of Workplace for SIP TLS:
Now this is something else, for me it looks like the TLS is being setup and terminated without any encrypted data going between the client and server ...
If anyone can help me out here.
[tt][/tt]
thanks.
After searching the web for a few weeks I still haven't found a way to fix my problem.
I need to make the switch to SIP TLS to get SSO running for Workplace.
But I just can't seem to get the SIP TLS working on Workplace for newly installed workplace clients.
No issue with the already installed workplace clients.
Setup:
- SE IPO R11.1FP2SP2
- Installed a 3rd party CA domain certificate.
- 5 x Workplace running, using HTTPS (with the domain certificate).
communication is working fine, users are logged in, no errors or problems
- a few J1xx serie phones.All is working fine using TCP port 5080.
I'm not yet looking at remote working, just want to get it to work internally first.
I don't want to use TLS on the Jseries, create a 46xxspecials with siptcontroller= IP:5080 tcp
-> works good.
So: I enable TLS for port 5081 in the configuration of the IPO, after a reboot TLS is active.
The workplace still runs on TCP 5080. All good.
I checked the autgenerated 46xxsettings file: SET SIP_CONTROLLER_LIST xxx.xxx.xxx.xxx:5081;transport=tls -> GOOD
As a test I manually edit the configuration of the Workplace client and set it to TLS port 5081
-> logout/login -> PREFECT it is running on TLS now !
-> I see in Sysmon + SSA that the client is using TLS. Wireshark SIP is now not readable anymore, just TLS packets.
Now the issue:
I reset that Workplace client 'reset application':
Configure it via e-mail address -> it gets the 46xxsettings file -> I enter login credentials.
-> does not work.
-> the client is now not even able to connect the HTTPS(no green marker for presence), SIP not logged in on IPO.
trace of sysmon:
pcap of Workplace for HTTPS port 411:
I'm byfar an expert in this matter, but is does seems to be the correct workflow.
pcap of Workplace for SIP TLS:
Now this is something else, for me it looks like the TLS is being setup and terminated without any encrypted data going between the client and server ...
If anyone can help me out here.
[tt][/tt]
thanks.
