Announcement

Collapse
No announcement yet.
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SSL Certificate for Conference Bridge

    I just bought a godaddy certificate and they want 2048. When i generate a certificate, it doesnt give me an option to select any encryption.

    I did generate one, but godaddy will not take it unless its 2048 or higher.

    How do i set this in the conference bridge?

    Thanks!

    Version: 7.1.3b4657-32

  • #2
    Also, does the bridge interface work with IE8?

    Comment


    • #3
      I have found that the interface is a little picky in IE8, try entering the address as follows

      http(s)://<ip of server>/admin/

      The 's' will be required if you told the bridge to use https for local connections (a good idea) and if you leave off the trailing '/' IE8 chokes for some reason.

      Comment


      • #4
        Oh i should of been more specific, i was asking if IE8 was supported on the client side?

        My VAR finally responded with the information for the SSL install. Here it is in a nutshell.

        1. download openssl light windows install and install ( you may need the C++ 2008 redist )
        2. go to the open ssl directory and run openssl.exe
        3. Run "req -new -newkey rsa:2048 -keyout hostkey.pem -nodes -out hostcsr.pem" at the prompt without the quotes
        4. fill in the certificate prompts as you would during any other cert then fill out the password and company name.
        5. rename the hostcsr file to a text file or just open it in notepad.
        6. Paste the output into SSL issuers site

        Once the cert is issued,
        1. Login to the CB server console, click on domains, click on SSL edit
        2. Browse to CSR file downloaded from SSL provider and select for the cert field.
        3. Browse to the hostkey.pem file created by the openssl process above and select it for the key field.
        4. Type in the password used to create the original SSL cert with open ssl
        5. Click submit.

        I used godaddy and i downloaded the apache cert, used without issue.

        Comment


        • #5
          What about the intermediate certificate? We were thinking of buying a 2048 cert from Entrust, and they use intermediate certificates with their 2048 certs.

          Comment


          • #6
            Originally posted by nj54321 View Post
            What about the intermediate certificate? We were thinking of buying a 2048 cert from Entrust, and they use intermediate certificates with their 2048 certs.
            GoDaddy do the same, is there a solution for this?

            Comment


            • #7
              Originally posted by francismcphail View Post
              GoDaddy do the same, is there a solution for this?
              Found out there is no support for SSL certificates that use intermediary certificates. I've asked our reseller to request change be put into the system.

              Comment


              • #8
                I used the same method as icetoad and picked other work with no issues on IE8

                Comment


                • #9
                  I had no luck with GoDaddy at all. Ended up buying a RapidSSL cert for 3 years. Total cost was $28USD.

                  Originally posted by jbunce View Post
                  I used the same method as icetoad and picked other work with no issues on IE8

                  Comment


                  • #10
                    Geocert

                    Originally posted by francismcphail View Post
                    I had no luck with GoDaddy at all. Ended up buying a RapidSSL cert for 3 years. Total cost was $28USD.
                    I used GEOCERT and it worked like a charm. I called support and asked for a stacked root CA PEM key and they sent it over.

                    Put in the SSL Cert, the Key and PEM and done.

                    They have it now in the KB over at GEOCERT.... Quick Easy and EASY but not 30 bucks LOL:red_indian:

                    Comment


                    • #11
                      Im Stuck!!

                      I have received my SSL certificate through Thawte and tried converting both the x.509 and pkcs#7 certificate into a .PEM file via notepad and then installing in the "The new trusted CA certificate must be in PEM format" of the install screen. Is this the only information I need to enter at this stage as I get the following error response:
                      ******************** Testing C:\Users\matthew.hill.FLEETUK\Desktop\ShoreTelConf SSL.PEM ********************
                      Error opening certificate file /tmp/C:Usersmatthew.hill.FLEETUKDesktopShoreTelConfSSL. PEM

                      Unknown Error:
                      The file was probably corrupt.
                      The output of the call to openssl verify was
                      3161:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/tmp/C:Usersmatthew.hill.FLEETUKDesktopShoreTelConfSSL. PEM','r')

                      ****************** Done testing C:\Users\matthew.hill.FLEETUK\Desktop\ShoreTelConf SSL.PEM ****************

                      * Mutually authenticated TLS is off.

                      HELP...I am new to this as its my first experience with the conference bridge suite.

                      Matt

                      Comment


                      • #12
                        Originally posted by Icetoad View Post
                        Oh i should of been more specific, i was asking if IE8 was supported on the client side?

                        My VAR finally responded with the information for the SSL install. Here it is in a nutshell.

                        1. download openssl light windows install and install ( you may need the C++ 2008 redist )
                        2. go to the open ssl directory and run openssl.exe
                        3. Run "req -new -newkey rsa:2048 -keyout hostkey.pem -nodes -out hostcsr.pem" at the prompt without the quotes
                        4. fill in the certificate prompts as you would during any other cert then fill out the password and company name.
                        5. rename the hostcsr file to a text file or just open it in notepad.
                        6. Paste the output into SSL issuers site


                        I used godaddy and i downloaded the apache cert, used without issue.
                        Hi Icetoad,

                        I have got Godaddy certificate.Do i need to run this open ssl light on the server on any windows pc and generate the CSR Request.Please let me know...

                        Sri

                        Comment


                        • #13
                          Go Daddy worked a dream

                          Hi,

                          I tried to use Twarte and the Open SSL product to convert to 2048 but still could not get it working. Go Daddy worked a dream with the same process.

                          Hope this helps

                          Matt

                          Comment


                          • #14
                            I just used go-daddy and downloaded the Apache cert. My Conference server tells me it's not in PEM format even though that's how I generated the request.

                            :cursing:
                            The message is:

                            Error: Invalid certificate file. No action taken.

                            ******************** Testing gd_bundle.crt ********************
                            unable to load certificate
                            Error: The file submitted was not a certificate in PEM format.
                            ****************** Done testing gd_bundle.crt ****************

                            * Mutually authenticated TLS is off.

                            Comment


                            • #15
                              Update: It turns out it will work fine if you don't try to upload the CA certificate as well. I really wish there was some decent documentation and instructions for this system.

                              BTW, thanks for the OpenSSL procedure. :-)

                              Comment

                              Working...
                              X