Hi winter

Yes i have configured the webbridge3 correctly? (webbridge3 c2w listen a:9999)

But i don't have set the CN to the IP address? 

Please i put what on <name> ?

Best Regards

If you haven't set the CN to the IP address, when generating the self-signed certificate, then the certificate will not nothing.

Therefore, how should the callbridge then validate the certificate of the webbridge?

I guess, you should get some information, on how certificates work in general and also have a better look in the installation and deployment guides of CMS.

The <name> is just a random tag in cms (pki selfsigned whatever-cert). As you have already generated the self-signed cert in CMS, I have assumed, that you already know that ...

Easy way for you:

pki selfsigned self-cert CN:<IP>

webbridge3 disable

webbridge3 c2w certs self-cert.key self-cert.crt

webbridge3 enable

callbridge trust c2w self-cert.crt

callbridge restart

In the API for the webbridge: "c2w://<IP>:9999"

Hi Winter,

Thank you for your precious help I generated another certificate and I redone the configuration following your example
now I'm back on another problem:

2021-10-05 12: 01: 33.545 Connection to remote Call Bridge "Cb02" failed (connect failure)
2021-10-05 12: 01: 34.305 C2W connection to "c2w: // ip address: 9999" failed (connect failure)

knowing that I have two clustered call bridges and I have not generated a certificate.

Best Regards;

Can every callbridge reach the webbridge IP?

Does every callbridge trust the webbridge self-signed cert?

Have you selected the callbridge group in the API for the webbridge?

How could you set up a cluster, without generating a certificate? Every connection in CMS is based on certificates...

Hi winter;

yes each callbridge reaches the IP of the webbridge

Only the first callbridge trusts the self-signed webbridge certificate

No I did not select the callbridge group in the API for the webbridge, I added the url of the first only "c2w: // <IP>: 9999"

No I am not talking about the certificates of the cluster, is it clear that we cannot set up a cluster without generating a certificate

I specifyI did not generate the self-signed certificate of the webbridge in the second call bridge

Please can you describe the steps to follow to configure the webbridge3 service in a cluster, do I have to activate it in both servers? which was not the case in CMS version 2.9

Thanks for the help and i very much appreciate your guidance

It is up to you, if you only want to use 1 or 2 webbridges.

If you want to use 2 webbridges, then you have to activate the webbridge service on both servers (just repeat the configuration steps on the second server, like you did on the first)

Both callbridges then have to trust the certificates of both webbridges and you have to add 2 webbridges via API.

Therefore, the certificate-file, which you assign to the trust of the callbridge (callbridge trust c2w <cert-file>), has to contain both certificates of the webbridges:

1. open both certificates with an text editor (e.g. notepad++) --> you now have 2 windows open
2. copy the text of both certs into a third editor window and save it as e.g. "webbridge-certs.cer"
3. upload the file to both callbridges
4. assign the cert-file on both servers via CLI "callbridge trust c2w webbridge-certs.cer"
5. restart both callbridges via CLI "callbridge restart"

Hi,

have you also set the trust-cert for the webbridge3?

webbridge3 trust c2w <cert-bundle>

Completely forgot that command in my other descriptions.

The cert-bundle needs to contain both callbridge certs (how-to described in my last post).

On which CMS do you see the logs?

Is the first CMS already able to connect to the its webbridge? (So callbridge 1 to webbridge 1, both services on CMS 1)