As you have probably read in official documentation, CWMS needs valid SSL certs installed for normal operation. If you use default self-signed SSL certs, you will keep getting warnings and errors and won't be able to join any meetings before you import those self-signed SSL certs to your end point.
To avoid this annoying behavior, you should obtain publicly signed SSL certs. You can use SAN (Subject Alternative Name) or Wildcard SSL certs.
Most of the PCs have intermediate/root certs of all the major Certification Authorities already imported in the Trust stores, so when you upload a single publicly signed CWMS SSL cert to your CWMS solution, the PC and the web browser know how to validate such cert and all will appear to be just fine.
However, iOS and Android mobile devices might still have a problem validating just CWMS SSL cert and will report SSL cert errors even though a valid publicly signed SSL cert has been installed to CWMS.
To prevent this from happening, you would like to ensure that CWMS offers a full SSL certificate chain to any end point accessing the solution. That means, you would like to have both CWMS SSL cert and CA's Intermediate SSL Certs bundled together and uploaded to CWMS.
To successfully create this SSL certificate bundle, you can follow these tips.
After generating Certificate Signing Request (CSR) on CWMS, using that CSR you will reach out to Public Certification Authority and request SSL cert for your CWMS solution.
1. You will receive a single SERVER SSL cert file for all your CWMS components. This SSL cert file contains just one SSL cert that includes all Subject Alternative Names listed in the CSR you generated.
In CWMS 1.x and 2.0, this cert file is placed at the top of the SSL cert bundle. However, in CWMS 2.5 and later, this SSL cert is placed at the bottom of the SSL cert bundle.
2. You will also receive INTERMEDIATE SSL CERT bundle from CA. This bundle usually includes three SSL certificates:
Hence, to create SSL cert bundle on CWMS 1.x and 2.0 version levels, you would do the following:
A. Open SERVER SSL CERT in notepad, B. Save the file as SSL cert bundle, C. Open the INTERMEDIATE SSL CERT bundle in notepad, D. Copy the top two SSL certs (secondary intermediate and primary intermediate) and paste these below SERVER SSL CERT as they are already in the correct order. This action will create this required chain:
Hence, to create SSL cert bundle on CWMS 2.5 version level, you would follow these steps:
A. Open a new blank file in notepad, B. Open INTERMEDIATE SSL CERT bundle in notepad, C. Copy the Primary Intermediate (MIDDLE CERT in the INTERMEDIATE SSL CERT bundle file) to the top of the blank notepad file, D. Copy the Secondary Intermediate (TOP CERT in the INTERMEDIATE SSL CERT bundle file) below Primary Intermediate in the blank notepad file, E. Open SERVER SSL CERT in notepad and copy its content to the very bottom of blank notepad file.
F. At this time, save this new bundle file as CWMS SSL cert bundle and upload it to the system.
In case the CSR file was created outside of CWMS solution, and you also have externally created PRIVATE KEY that you will also need to import to CWMS, PRIVATE KEY will ALWAYS (regardless of the version) be placed at the VERY TOP (above all certs) in CWMS SSL cert bundle.
If a remote destination is calling in to another desk phone on the same cluster (PBX) the caller ID from the attached directory number. If you call to another cluster it will just show "WIRELESS CALLER". I am wondering if there is any solution so all clus...
Hello...I have an issue with sound/voice outgoing and incoming call.Use 2 ISPs, the first ISP uses E1, and the other uses SIP. When trying to make an outgoing call, at first there's no problem with sound and hear what they said.But, in the middle of ...
I have an existing number of 3200 that I want to forward to a System Call Handler number of 5847. I can dial 5847 and all the prompts work with no issues. But when I add the 5847 number to the call forward of 3200, all I get the voicemail message. &n...
Hi Experts, I am a bit confused to understand the queue time and the ring time in the CCX. I have configured the queue overflow as shown below. Please correct me if I am wrong here; Every select resource step has the same timeout...
Hi! I have a Cp-3905 phone I want to use with my VoIP carrier instead of my old ATA box and old analog phone. I can't find where in the settings to set SIP domain, username and password. Is is not possible to use this phone as a SIP phone with my VoIP car...