Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unable to peer UCA server, get 'unable to retrieve SSL certificate from server' error

Status
Not open for further replies.

308win

MIS
May 2, 2001
268
US
We have been unable to get my US UCA server to peer with my EMEA UCA server since we updated the EMEA server to V6.0.57.0 (which is what my US server has been on for several months). The peering seemed broken after the update as we couldn't chat or get status form the other server. I figured since it was broke it would't hurt if I just deleted the peer relationships and recreated them. The EMEA server peers fine with the US server. The US server gets an 'unable to retrieve SSL certificate from server' error when I click 'select enterprise' during the peering process. However a packet capture shows the certificate coming from the EMEA server when I try to peer them.

Mitel support told me that the problem is that my US server certificate's primary name was not the servers name, and that I need to change the names to match. (The actual name was in there as a subject alternative.) I changed the name of my server and it still doesnt work. (The EMEA server was able to pair with the US server when the server name didn't match the certificate name.)

Both private keys are RSA to Mitel support's liking. I learned this before with our MBG and softphones. The output of "grep BEGIN /home/e-smith/ssl*/*"
includes "/vmas.mycompany.com.key:-----BEGIN RSA PRIVATE KEY-----".

Incidently my EMEA server's name initially didn't match the certificate name but it still worked which make me pretty positive that Mitel support is wrong when they told me that the peering problem has to do with the cert on the US server. I changed the EMEA server so the name matched the cert to see if it could clear the US problem but it didn't.

I really think the problem is with something on the EMEA server but Mitel support insists that is isn't.

Clues anybody?

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top