This form deals with the SSL or enterprise Public Key Infrastructure (PKI) certificate that authenticates the identity of MiVoice Business systems interacting with each other.
By default, the system uses the Mitel self-signed device certificate. You can replace the default Mitel self-signed device certificate with a self-signed certificate, a certificate signed by an enterprise or public Certificate Authority (CA) obtained through a Certificate Signing Request (CSR).
Alternatively, you can also use the Web Server certificate from the Server Manager as a device certificate (Not applicable to Container-based MiVoice Business (cMiVB)).
Any changes to this form requires a MiVoice Business system reboot for the changes to take effect.
Any new certificate installed must be derived from the same root of trust to ensure trusted peer-to-peer connections between MiVoice Business systems.
Upon a system restore, the certificate stored in the backup file is restored.
If you modify the certificate, the administrator must run the MiVoice Business Console Configuration Wizard to verify and accept the new certificate.
When installing a certificate, ensure that certificate chain terminates on a root chain.
When installing a third-party certificate, ensure that you have programmed the DHCP option for the sets to download the certificate.
You can also purchase certificates from CA or generate your own certificates.
Select Use this form to manage the certificate option to perform the following procedures:
A CSR is a text file you send to a Certificate Authority (CA) to apply for an SSL certificate. The option to generate a CSR is only available if the current certificate is a system-generated certificate or an imported certificate.
To generate a CSR:
Click Generate a CSR...
Enter the requested information:
Country Name (2 letter code): The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered. For codes, see https://www.iso.org/obp/ui/#search
State or Province Name (full name): Name of the state or province where your organization is located. Do not abbreviate.
Locality Name (eg., city): Name of the city where your organization is registered/located. Do not abbreviate.
Organization name (eg., company): The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
Organizational Unit Name (eg., section): HR, Finance, IT, and so on. (Abbreviations permitted)
Common Name (eg., your server's hostname): The IP address or host name of the MiVoice Business system you are securing.
Add IP Address: Select this check box optionally if you want to add the IP address (or FQDN) of the MiVoice Business system to the CSR.
Click Generate.
The generated CSR is displayed in a dialog box.
Copy the generated CSR including the BEGIN CERTIFICATE REQUEST and the END CERTIFICATE REQUEST lines to a text file.
Click Close on the dialog box.
Log into your account on the CA's website and paste the full CSR from the text file into the SSL enrollment form.
After you receive your SSL Certificate, return to this form to install the certificate.
IMPORTANT: The generated CSR contains the IP address of the MiVoice Business (optionally) and host name information in the Subject Alternate Name (SAN) extension of the certificate. Some Certificate Authority servers may not accept SAN information from a CSR. In this case, the resulting certificate will not contain the IP address of the MiVoice Business system.
If the current certificate is not a system-generated self-signed certificate, then you can create a self-signed certificate. If the current certificate is a self-signed certificate, then you can update (for example, issuer, e-mail address, validity, and so on) the self-signed certificate.
NOTE: If you update the host or domain name in the Server Manager, then you must manually update the host or domain name in the self-signed certificate.
To create a system-generated certificate:
Click Create certificate...
Enter the required information into the form. (Use the same rules that apply to entering information in a CSR; see above.)
Click Update.
In the Maintenance Commands form, in the Command field, enter the RESET SYSTEM command.
After system reboot, log in to the System Administration Tool again to confirm that there are no certificate errors.
To update the system-generated certificate:
Click Update certificate...
Change the information in the form, according to your requirements. (Use the same rules that apply to entering information in a CSR; see above.)
Click Update.
In the Maintenance Commands form, in the Command field, enter the RESET SYSTEM command.
After system reboot, log in to the System Administration Tool again to confirm that there are no certificate errors.
Instead of using a system-generated certificate, you can install a self-signed certificate using a common root certificate or received from a known CA.
To install a new certificate:
Click Install a new certificate...
Under SSL Certificate, click Choose File to upload a certificate file.
Under SSL Private Key, click Choose File to upload a private key.
(Optional) Under Intermediate Certificate(optional), click Choose File to upload a certificate file.
Click Upload to complete the installation.
In the Maintenance Commands form, in the Command field, enter the RESET SYSTEM command.
After system reboot, log in to the System Administration Tool again to confirm that there are no certificate errors.
NOTE: The certificates and private key file must be in PKCS1 format. Ensure that the Certificate Authorities (CA) provide certificates and private key file in PKCS1 format. If the CA provides the certificates and the private key file in a different format, use a tool such as OpenSSL to convert it.
You can remove the current third-party or self-signed certificate from the system. After you remove the certificate, the system uses the default Mitel legacy certificate upon reboot.
To remove the existing third-party certificate:
Click Remove Certificate.
Click OK to confirm that you want the certificate removed.
In the Maintenance Commands form, in the Command field, enter the RESET SYSTEM command.
After system reboot, log in to the System Administration Tool again to confirm that there are no certificate errors.
To download the currently installed SSL certificate:
Click Download
this certificate.
The system downloads the certificate.
You can also use the Web Server certificate defined in the Server Manager (Security > Web Server) as a device certificate.
Select Use the Web Server certificate defined in Server Manager.
Click Save.
Reboot the system. The Web Server certificate details are displayed in the form.
Parameter |
Description |
Default Value |
Issuer |
The entity that issued the certificate. |
|
Certificate Name |
The name chosen by the issuer for the certificate. |
MiVoice Business |
Alternate Name(s) |
Other names that the entity covered by the certificate is known. |
IP Address, hostname and FQDN (as programmed in the Server Manager) |
Valid From |
Date and time when the certificate was created. |
Date/time of the system's initial start-up. |
Expires |
Date and time when certificate expires. When a certificate expires, users trying to connect to the system get warning messages from their browser about security of the system. If this happens (or before it happens,) use the Update Certificate button to renew the certificate .See above for more information. |
One year after 'Valid From' date/time. |
Fingerprint |
An SHA-1 hash of the certificate intended to give an administrator confidence that the correct certificate is in use. |
A hexadecimal string that uniquely identifies the certificate. |
Use the Web Server certificate defined in Server Manager |
Use the Web Server certificate in the Server Manager as the device certificate. NOTE: This parameter is not applicable to Container-based MiVoice Business (cMiVB). |
Not applicable. |
Use this form to manage the certificate |
Use the current form to create a self signed certificate to be used as the device certificate. |
Not applicable. |