Workplace can't connect - certificate issue

[john3voltas]

Hi there.
Here goes.
IPO virtual SE running R11.1.
Workplace for Windows 3.37 but I've tried with releases as old as 3.31 and the result is the same.
IPO's identity certificate was coming to an end, so we regenerated the cert using the same DNS/IP combo.
Customer uploaded the cert to a new Windows 11 Pro PC and installed Workplace. When asked about the setup they chose to use the URL and simply put https://fqdn_of_ipo_server .
Workplace displays an error stating "failed to retrieve system entity ip office".
System Status Application loads perfectly with "secure connection" enabled. No nag stating that it will try to connect unsecure.
How should we debug this issue?
Thanks in advance.
Cheers

 

[Menniss]

Why bother, spend $22 and get a proper cert then you don't need to load anything on the client. So much less hassle. https://comodosslstore.com/essentialssl.aspx

Just a thought, sorry I can't assist I gave up on self-generated certs a long time ago.

 

[derfloh]

If Server Edition create the certificates from WebControl (7071) the CA-Cert will be pushed to the client through the autogenerated 46xxsettings.txt then. The settings file has to be loaded using HTTP (not HTTPS) from IPO or you have to add the CA-Cert to the client before.

 

[M_A]

when using URL web address configuring the workplace app you should use the http not https.
the URL is should be as follow " http://ipo-address/46xxsettings.txt"

 

[john3voltas]

Thank you to everybody coming here to give some insight on this subject.
Very important: if under System>LAN1>VOIP your system doesn't have a SIP Domain Name nor a SIP Registrar FQDN then you need to regenerate the Identity certificate with DNS:192.168.42.1 and IP:192.168.42.1. Use your LAN1 IP address in both instead of 192.168.42.1 which is the default IP address.



My new certificate has 4 entries.
IP:192.168.42.1
IP:192.168.43.1
DNS:192.168.42.1
DNS:mypbx.mydomain,local (use your internal hostname+domain here which usually stands for your FQDN)

And this is how I solved my issue.
Self-signed certificates rule! lol
Thanks guys.

Cheers

 

[john3voltas]

Why bother, spend $22 and get a proper cert then you don't need to load anything on the client. So much less hassle. https://comodosslstore.com/essentialssl.aspx

Just a thought, sorry I can't assist I gave up on self-generated certs a long time ago.

I would. But I'm just a BP technician.
My boss should throw in the 22usd and hand it as 1st year present to the end customer.
It is what it is, I have to find a way to make do with the tools Avaya provides.
But thanks for the tip.
Cheers

 

[derfloh]

Youbhave to ask the customer to spend this 22$. If he doesn’t, create certificates with Server Edition Server/Application Server.