Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Which CA to use for Server Edition Certificate

Status
Not open for further replies.
PhonesTech

PhonesTech

Technical User
Nov 19, 2014
61
CA
Hi Everyone, We're implementing Avaya IP office Server Edition with Avaya Workplace applications. We've used self signed certificates for a long time.
I'm new to CA certificates, but from the online reading it seems we can't get a certficate with IP addresses. Just wanted to see is there any CA that meets Avaya's requirement or do we have to use self signed certificates? We wanted one with Multiple SAN Entries:
DNS Name: voip2.domain.com
DNS Name: voip1.domain.com
DNS Name: Domain.com
IP: x.x.x.x
IP: y.y.y.y
URI:SIP: domain.com
 
Sort by date Sort by votes
The IP Office self-signed certs are fine if all your servers and clients are internal.

Avoid Entrust - they are in deep doo-doo with Google at the moment (under threat of being blocked).

Pretty well any external CA will work. If you intending to support VoIP softphones, certs from big players like DigiCert are best as they are already have pre-installed certs in the Android, Apple, Windows OS's that make them trusted.

But yes, most certificate providers shun the use of IP addresses, and that means full FQDN/DNS routing to your IP Office is a must.

Stuck in a never ending cycle of file copying.
 
Upvote 0 Downvote
Since you are using Avaya Workplace you have 2 choices:
1. Buy a cert from a public CA
2. Add your root CA from your SE install to the devices.

If you can easily manage the CAs on your devices, use the private CA on your SE, IMHO.

I did a certificate from GoGetSSL.com, and they let me add an IP for the SAN (I use FQDN, but I like having both as it helps with deskphones). It works for Avaya Workplace on our IOS devices.

I'm guessing you already know you can NOT use a wildcard cert.
 
Upvote 0 Downvote
It is possible to get wildcard certs to work. But it won't be supported. If you do a search on SIP RFCs and wildcard certificates, you'll find that its not just the IP Office team that don't like them. And recent domain security enhancements are increasing that dislike.

Stuck in a never ending cycle of file copying.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

L
  • Locked
  • Question
safety certificate expiring IPOFFICE Server edition
Replies
2
Views
171
LuigiEspo
L
john3voltas
  • Locked
  • Question
Server Edition expansion systems (security settings/users/certificates)
Replies
9
Views
476
derfloh
derfloh
smartedge1
  • Locked
  • Question
SERVER EDITION WEBSOCKET
Replies
7
Views
698
derfloh
derfloh
finest
  • Locked
  • Question
Alternative SBC to ASBCE - Server Edition (we have both physical server and server edition virtual)
Replies
3
Views
492
Fr0gg3r - MaartenS
Fr0gg3r - MaartenS
William C290
  • Locked
  • Question
Migrate Media Manager to Server Edition
Replies
1
Views
395
greggster
greggster

Part and Inventory Search

Sponsor

Back
Top