cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1588
Views
0
Helpful
7
Replies

Expressway Mobile Remote Express (MRS) no audio calls

Gura24
Level 1
Level 1

Hello,

 

I can not start any audio calls via MRA (external), after 1s jabber dropped call. Chat and presence is working fine!

photo1.png

On ExpE I found following in the event logs:

photo2.png

The enviroment includes:

2x CUCM

2x CUC

2x ExpC

2x ExpE

2x IMP

 

Single Interface with static NAT

Clustering

UC-Traversal

 

If you need more Informations just let me know.

Thanks for help!

 

2 Accepted Solutions

Accepted Solutions

Generally speaking, yes. As long as the certificate isn't expired (in which case you probably would have to buy a new one), the CA should let you generate as many certificates as needed.

 

Now let me clarify that a little ..

 

When you purchase an SSL certificate from a CA, what you are actually buying is a period of time from the CA where they will validate their signature on an SSL certificate they give you. You're not buying the instance of a certificate.

Say you buy an SSL certificate for 1 year. With most CAs, that means for one year they will give you an SSL certificate they have signed and will honor that signature for one year. At anytime in that year, if you need to make changes to the SSL certificate, they'll generally allow you to give them a new signature request (CSR) and they will first, invalidate the signature on the existing certificate and then create a new certificate for you based on the new CSR with a new signature that will be honored for the remainder of the time period you originally purchased.

 

In other words, you can only ever have one SSL certificate (if that is what you bought), but you can usually have it signed as many times as you need to within the period of time that you purchased from the CA.

 

Thanks,

Ryan

 

*** Please rate helpful posts ***

View solution in original post

Ok I fixed it! In Firefox under Settings you have to turn off “check trust certificates”

 

thx ! 

View solution in original post

7 Replies 7

Ryan Huff
Level 4
Level 4

Please verify the following;

 

- Edge SSL certificate contains Edge FQDN in the SAN

- External DNS host record for the Edge server also has a reverse DNS entry

- Verify all internal DNS host records and their reverse entries

 

Thanks,

Ryan


*** Please rate helpful posts ***

Thanks for Help, but now I found another problem and I the CSR privat key is deleted. The new public Cer is not working. What I can do ? Is here any workaround? I have to buy a new certificate?

Thanks!

You wouldn't have to buy a new certificate, but you would have to regenerate it. The private key is stored on the server when you generate the CSR, so it can be matched to the certificate when you upload it.

I would generate a new CSR and give that to your certificate authority and they'll regenerate a new one for you.

Its odd that the private key would be missing, because that wouldn't happen unless the CSR was deleted; and if that happened, you wouldn't be able to upload the certificate.

If the SSL certificate is not working and you know that to be true, I would verify that you also uploaded the CA and intermediary certificates into the trust store correctly.

 

Thanks,

 

Ryan

Thanks for quick response!

That means if I regenerate a new CSR then the public CA will give me a new one without extra charge?

Generally speaking, yes. As long as the certificate isn't expired (in which case you probably would have to buy a new one), the CA should let you generate as many certificates as needed.

 

Now let me clarify that a little ..

 

When you purchase an SSL certificate from a CA, what you are actually buying is a period of time from the CA where they will validate their signature on an SSL certificate they give you. You're not buying the instance of a certificate.

Say you buy an SSL certificate for 1 year. With most CAs, that means for one year they will give you an SSL certificate they have signed and will honor that signature for one year. At anytime in that year, if you need to make changes to the SSL certificate, they'll generally allow you to give them a new signature request (CSR) and they will first, invalidate the signature on the existing certificate and then create a new certificate for you based on the new CSR with a new signature that will be honored for the remainder of the time period you originally purchased.

 

In other words, you can only ever have one SSL certificate (if that is what you bought), but you can usually have it signed as many times as you need to within the period of time that you purchased from the CA.

 

Thanks,

Ryan

 

*** Please rate helpful posts ***

Ok now I got it!

BTW on cluster two went everything fine and the certificates are working, is just the first node where I have some issues.
Really thank you for your patience!

One last question, unfortunately I already downloaded the CA root certificate as Trust Certificate on node one but now I cant reach my web-interface of ExpE01 anymore. The browser is blocking the webpage "because of certificate error", is it possible to delete the rootCA on the CLI? Or what I can do?

Ok I fixed it! In Firefox under Settings you have to turn off “check trust certificates”

 

thx ! 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: