We have been unable to get my US UCA server to peer with my EMEA UCA server since we updated the EMEA server to V6.0.57.0 (which is what my US server has been on for several months). The peering seemed broken after the update as we couldn't chat or get status form the other server. I figured since it was broke it would't hurt if I just deleted the peer relationships and recreated them. The EMEA server peers fine with the US server. The US server gets an 'unable to retrieve SSL certificate from server' error when I click 'select enterprise' during the peering process. However a packet capture shows the certificate coming from the EMEA server when I try to peer them.
Mitel support told me that the problem is that my US server certificate's primary name was not the servers name, and that I need to change the names to match. (The actual name was in there as a subject alternative.) I changed the name of my server and it still doesnt work. (The EMEA server was able to pair with the US server when the server name didn't match the certificate name.)
Both private keys are RSA to Mitel support's liking. I learned this before with our MBG and softphones. The output of "grep BEGIN /home/e-smith/ssl*/*"
includes "/vmas.mycompany.com.key:-----BEGIN RSA PRIVATE KEY-----".
Incidently my EMEA server's name initially didn't match the certificate name but it still worked which make me pretty positive that Mitel support is wrong when they told me that the peering problem has to do with the cert on the US server. I changed the EMEA server so the name matched the cert to see if it could clear the US problem but it didn't.
I really think the problem is with something on the EMEA server but Mitel support insists that is isn't.
Clues anybody?
Mitel support told me that the problem is that my US server certificate's primary name was not the servers name, and that I need to change the names to match. (The actual name was in there as a subject alternative.) I changed the name of my server and it still doesnt work. (The EMEA server was able to pair with the US server when the server name didn't match the certificate name.)
Both private keys are RSA to Mitel support's liking. I learned this before with our MBG and softphones. The output of "grep BEGIN /home/e-smith/ssl*/*"
includes "/vmas.mycompany.com.key:-----BEGIN RSA PRIVATE KEY-----".
Incidently my EMEA server's name initially didn't match the certificate name but it still worked which make me pretty positive that Mitel support is wrong when they told me that the peering problem has to do with the cert on the US server. I changed the EMEA server so the name matched the cert to see if it could clear the US problem but it didn't.
I really think the problem is with something on the EMEA server but Mitel support insists that is isn't.
Clues anybody?