Virtual SBCE and stand alone webLM

[gmacdonald78]

Afernoon,

Looking for a bit of advice and configuring the Avaya standalone Weblm, this is for an a Virtual SBC, do you set the webLM on the A1 or management interface. Im presuming Management but cant find anything to confirm this?

 

[Bucky101]

Virtual ASBCE requires an seperate External WebLM Server (not the build int one) and yes, you use the management interface to connect to the WebLM IP.

 

[gmacdonald78]

This is a separate WebLM, turns out the SBC trust store needs a certificate from the Weblm, this can be done via the ems cli following the steps below:

You can see below error in gui.log:

[c.s.licensing.LicenseStatusManager] WARN: Unhandled exception caught while communicating with WebLM server.
com.avaya.weblm.LicenseException: Problem with connection to server: sun.security.validator.ValidatorException: No trusted certificate found

STEP-1 :

Dump the certificates used during SSL negotiation with the command below run from SBCE (EMS) while setting (save or refresh) licensing from webpage, replace <WebLM Server> with the actual IP address of the WebLM server.

openssl s_client -tls1_2 -showcerts -connect <WebLM Server>:52233

Copy the second (or last if there are more than two) certificate which appears in the output to /home/ipcs/weblm.pem, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines until the last occurence of the '-' character. You can use the following linux command: #vi /home/ipcs/weblm.pem , paste the certificate chain and save it.



STEP -2 :


Import the /home/ipcs/weblm.pem to the SBCE's(EMS) WebLM client keystore with the command below. It will ask for the keystore password which by default is “password” .

keytool -import -keystore /usr/local/weblm/etc/trusted_weblm_certs.jks -alias weblm -file /home/ipcs/weblm.pem

If the password does not work. Please check the current password using this command:

grep trustStorePassword /usr/local/weblm/etc/trustedcert.properties