Author Topic: third party certificate for MiCollab mobile client deployment  (Read 3690 times)

Offline Stefanovitch

  • Contributer
  • *
  • Posts: 6
  • Country: au
  • Karma: +0/-0
    • View Profile
third party certificate for MiCollab mobile client deployment
« on: August 15, 2016, 02:10:43 AM »
Does anyone know what format the exported certificate needs to be in from the CA?
Docs say Apache format but then getting 2x .crt files in the exported zip file.
When I try to install these on the MSL server, it says
"The web server certificate provided does not match the private key on the system. Perhaps the wrong certificate was supplied? "

Any ideas on what you do here ?


Offline PC77375

  • Full Member
  • ***
  • Posts: 191
  • Country: us
  • Karma: +6/-0
    • View Profile
Re: third party certificate for MiCollab mobile client deployment
« Reply #1 on: August 15, 2016, 11:32:46 AM »
To enable remote client stations to log in and MiCollab Mobile Client users to establish connections, purchase an SSL certificate from a third-party Certificate Authority and then import it onto the MSL server.

If you have an MSL application server deployed in LAN mode with an MBG / Web Proxy server in the demilitarized zone (DMZ) or network edge, your remote clients will connect to the MSL server through the MBG / Web Proxy server. For this configuration, purchase an SSL certificate for the MBG / Web Proxy server and then share the certificate and private key file with the LAN-based MSL servers.

If you have MSL application servers deployed in LAN mode behind a corporate firewall, your remote clients will connect to the MSL servers through the firewall. For this configuration, purchase a unique SSL certificate for each MSL server.

Supported Formats
You can import third-party SSL certificates in either PEM or PKCS#12 format:

•PEM certificates typically have extensions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format. Apache and similar servers use PEM format certificates. Several PEM certificates, including the private key, can be included in a single file, one below the other, but most platforms, such as Apache, expect the certificates and private key to be in separate files.

•PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys.

MSL supports the SHA-2 cryptographic hash function, along with variants such as SHA-256.

Configuration Example
First, generate the certificate signing request (CSR) on the MBG / Web Proxy. Second, submit the CSR to the CA, complete the online registration forms and purchase your web server certificate and intermediate certificates. Third, install the certificates on the MBG / Web Proxy (the MSL server that was used to generate the CSR). Fourth, download the certificates and private key from the MBG / Web Proxy. Fifth, install the certificates and private key on the MSL application server on the LAN. The application server can be equipped with Mitel software such as MiVoice Business, MiCollab Client, Open Integration Gateway, Oria or, as illustrated below, MiCollab.


 

Sitemap 1 2 3 4 5 6 7 8 9 10