Browse
 
Tools
Rss Categories

Resolving Dashboard Certificate Issues

Reference Number: AA-01727 Views: 2829 0 Rating/ Voters

The LumenVox Dashboard is designed to operate using either HTTP or HTTPS connectivity, allowing remote access to the services running on each LumenVox server. It is important that only authorized users are able to access this functionality to prevent disabling or changing those services, so there is an optional username and password requirement that can be enabled.  In addition to this, it is possible to use HTTPS, which is the secure form of the regular HTTP communications protocol. This secure mode utilizes SSL (Secure Sockets Layer) to encrypt this communication, so is preferred, preventing anyone intercepting username and passwords being sent as well as any other information passed over the communications channel in the form of eavesdropping or other tampering.

SSL requires the use of a certificate that is installed on the web server, which identifies the server as well as providing information on the encryption mechanism to be used. See this HTTP_Secure article for more details.

Since the Dashboard is being driven by a web server within the LumenVox manager service, this service needs a certificate in order to provide HTTPS connectivity.  By default, LumenVox installs a dummy certificate, located in /etc/lumenvox/www/certs (on Linux) or C:\Program Files\LumenVox\Tools\www\certs (Windows) - this dummy file is called server.pem. Since this is a dummy file, the signature of the certificate will not match your server, or domain, which will (correctly) cause your browser to treat the Dashboard site with suspicion, since it cannot validate the authenticity of the certificate. This will be indicated by a warning in your browser:

Certificate Error:

Certificate Error generated by Internet Explorer when attempting to open Dashboard with default certificate

IE Certificate Error


After continuing to the Dashboard, the browser will continue to indicate a problem with the certificate as shown here:

Details of Certificate Mismatch (Chrome):

Chrome Certificate Mismatch


Details of Certificate Mismatch (Internet Explorer):

IE Certificate Mismatch



Resolution

To resolve these problems, you should install your own authentication certificate for the server, which can be obtained from a registered certificate authority, such as VeriSign or Go Daddy (there are many others).

After obtaining the certificate for the server, a compatible pem (Privacy Enhanced Mail) file needs to be saved to disk, and this new certificate file will need to be referenced and used by the LumenVox Manager.  The name and location of this certificate (.pem) file can be specified in the manager.conf file.  The Manager service will need to be restarted after this configuration setting is changed for it to take effect.

Please note that the above information is being made available here to assist our customers in generating certificate files, however LumenVox does not provide, configure or provide help with these. You need to contact one of the signing authorities to obtain these certificates.

Once a valid, authenticated certificate is installed, the errors should not appear, and should appear correctly in the browser, when clicking on the padlock symbol, as shown below

Authenticated Certificate (for fictitious server1.mydomain.com):

Authenticated Certificate


Further Reading

For more information relating SSL certificates, and how these are used, there are a number of sites online that can provide this information, such as: