With the release of IP Office 9.1 there have been
enhancements made to the way security is handled. When deploying an IP Office
Server Edition or Select Server Edition for a customer it is best practice to
have them provide a fully qualified domain name or a machine name to use for
the security certificate. The IP Office can be configured with a valid host
name and the certificate can be imported into the Trusted Root Certification
Authority certificate store. When accessing the system by the proper host name
with the certificate properly stored there will be no security warnings while
accessing the page.
When defining the hostname for the IP Office you need to
either enter the FQDN that will be used to access the system or the IP address
that will be used to access the system. In the case of my example I used the IP address of 192.168.11.11 as the host name. If you are using a fully qualified domain name (FQDN) or a server name (NetBIOS) you will want to make sure it resolves with your DNS server or you will see a certificate mismatch error.
To use a self-signed certificate we will select “Generate
New”:
After you click Next you will see the following warning:
The
certificate will now be generated.
Once the certificate has been created it is available for
download. For a Windows Certificate Store you need to download the DER-Encoded
certificate:
Once you have downloaded the certificate click Apply. The
process will take several minutes, after which you will be logged out of the
system. Be sure to add the certificate you downloaded to your Trusted Root Certification Authority. If you're working with a domain this can be pushed to client systems using a group policy, or it can be added to machines individually using the Microsoft Management Console.
No comments:
Post a Comment