Author Topic: replacing certificates on 3300 MCD  (Read 5012 times)

Offline iggypops

  • Contributer
  • *
  • Posts: 16
  • Country: au
  • Karma: +0/-0
    • View Profile
replacing certificates on 3300 MCD
« on: September 18, 2016, 07:07:18 PM »
Hi,
I noticed IE and FF have many problems now when accessing MCD servers we have with FF for instance reporting "Secure Connection Failed - SEC_ERROR_REUSED_ISSUER_AND_SERIAL" and Chrome reports "net::ERR_CERT_AUTHORITY_INVALID"
Certificates presented by MCD servers have ssuer CN=Mitel Networks ICP CA

I want to replace certs with standard web server certs signed by StartSSL.
Would it be a problem if I replace all MCD certificates with a standard web server cert with Key Usage (Digital Signature, Key Encipherment)?
Or do Mitel MCD components require Issuer to be "Mitel Networks ICP CA" for whatever reason?


Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4097
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: replacing certificates on 3300 MCD
« Reply #1 on: September 18, 2016, 08:18:56 PM »
Hi,
I noticed IE and FF have many problems now when accessing MCD servers we have with FF for instance reporting "Secure Connection Failed - SEC_ERROR_REUSED_ISSUER_AND_SERIAL" and Chrome reports "net::ERR_CERT_AUTHORITY_INVALID"
Certificates presented by MCD servers have ssuer CN=Mitel Networks ICP CA

I want to replace certs with standard web server certs signed by StartSSL.
Would it be a problem if I replace all MCD certificates with a standard web server cert with Key Usage (Digital Signature, Key Encipherment)?
Or do Mitel MCD components require Issuer to be "Mitel Networks ICP CA" for whatever reason?
Only IE and FireFox work, Chrome is not supported... Have you imported the Mitel Root Certificate? (look at bottom right of logon page)

I don't know if it is even possible (normally) to replace the SSL cert in MCD.
« Last Edit: September 18, 2016, 08:24:21 PM by acejavelin »

Offline iggypops

  • Contributer
  • *
  • Posts: 16
  • Country: au
  • Karma: +0/-0
    • View Profile
Re: replacing certificates on 3300 MCD
« Reply #2 on: September 18, 2016, 11:08:21 PM »
Thanks acejavelin, the ERR_CERT_AUTHORITY_INVALID on certificate presented by MCDs indicates that it is not in the Trusted Root Certification Authorities store on windows machine I am viewing it from. I can see the "Mitel Networks Root CA" in certificate chain is on the top of the chain and is not signed by any public CA. So it seems then we have to deploy " Mitel Networks Root CA" on all machines that need access to MCD servers.

Offline iboyd

  • Jr. Member
  • **
  • Posts: 61
  • Country: us
  • Karma: +1/-0
    • View Profile
Re: replacing certificates on 3300 MCD
« Reply #3 on: September 19, 2016, 10:58:51 AM »
As a rule right now I don't install any Mitel Certificates, I just add the exception into FF.  How ever I do have 17 different Mitel Servers that don't talk to each other, so it is to crazy to attempt to get their various certificates under control.  Is there any need for it now?

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4097
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: replacing certificates on 3300 MCD
« Reply #4 on: September 19, 2016, 04:27:58 PM »
Thanks acejavelin, the ERR_CERT_AUTHORITY_INVALID on certificate presented by MCDs indicates that it is not in the Trusted Root Certification Authorities store on windows machine I am viewing it from. I can see the "Mitel Networks Root CA" in certificate chain is on the top of the chain and is not signed by any public CA. So it seems then we have to deploy " Mitel Networks Root CA" on all machines that need access to MCD servers.
Yes, this is what we do.

As a rule right now I don't install any Mitel Certificates, I just add the exception into FF.  How ever I do have 17 different Mitel Servers that don't talk to each other, so it is to crazy to attempt to get their various certificates under control.  Is there any need for it now?
If you install the Mitel Root Certificate, it applies to all systems.

Offline iboyd

  • Jr. Member
  • **
  • Posts: 61
  • Country: us
  • Karma: +1/-0
    • View Profile
Re: replacing certificates on 3300 MCD
« Reply #5 on: May 24, 2017, 03:27:19 PM »
Quote
[/size][size=0px]If you install the Mitel Root Certificate, it applies to all systems.[/size][/size]

I tried that once, and then went to Mitel #2 and it balked at me.  Do all MCD's need to be at the same level?


-Ian

Offline johnp

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2201
  • Country: us
  • Karma: +66/-0
    • View Profile
Re: replacing certificates on 3300 MCD
« Reply #6 on: May 24, 2017, 07:26:30 PM »
I think the ability to upload a certificate was added recently

Offline eugenej

  • Full Member
  • ***
  • Posts: 94
  • Country: 00
  • Karma: +2/-0
    • View Profile
Re: replacing certificates on 3300 MCD
« Reply #7 on: May 25, 2017, 04:35:11 AM »
I think the ability to upload a certificate was added recently

Indeed it has. I have it on my system.


 

Sitemap 1 2 3 4 5 6 7 8 9 10