We have just upgraded the hardware for our IC servers, starting with the backup (making sure it was back in a switchover pair) and then initiating a switchover before starting the install on the next server.

everything seemed fine and everything was in sync. We then noticed that webchat wasn't working and it was because the HTTPS certificates were not trusted. We went to install the certificate from the webpage into the trusted root certificate store but we still had a certificate error on the webpage (after rebooting the server etc).

I'm guessing it has something to do with the ServerGroup Certificates and the new hardware. Any ideas?

#Security
#Unsure/Other

------------------------------
Chris Tancred
IKEA Limited
------------------------------

Chris,

This might be related to a post I have made previously related to Server Group certificates:

https://community.genesys.com/digestviewer29/viewthread?MessageKey=016e90ca-0a45-4508-a935-c8746e795f3c&CommunityKey=cf214c8f-5206-4010-9b2c-2085cbd65a44&tab=digestviewer#bm016e90ca-0a45-4508-a935-c8746e795f3c

I recommend following this link and check your ServerGroup certificate.  It is likely you are affected by the T61String issue.  This is something we have seen with very old systems being replaced with new hardware via Switchover as the legacy ServerGroup certificate was created with a T61String commonName whereas the newer PureConnect releases are only supporting UTF8.

Thanks,

Josh

------------------------------
Joshua Davis
Solution Engineer
Altivon
------------------------------

Original Message:
Sent: 09-10-2019 11:24
From: Chris Tancred
Subject: ServerGroup Certificates

We have just upgraded the hardware for our IC servers, starting with the backup (making sure it was back in a switchover pair) and then initiating a switchover before starting the install on the next server.

everything seemed fine and everything was in sync. We then noticed that webchat wasn't working and it was because the HTTPS certificates were not trusted. We went to install the certificate from the webpage into the trusted root certificate store but we still had a certificate error on the webpage (after rebooting the server etc).

I'm guessing it has something to do with the ServerGroup Certificates and the new hardware. Any ideas?

#Security
#Unsure/Other

------------------------------
Chris Tancred
IKEA Limited
------------------------------

Hi,

We fixed the issue last night.

We had to regenerate a ServerGroup Certificate using the IC setup admin tool and then on the switchover pair. Once we did that our switchover paid was back and we copied the ServerGroup certificate to our reverse proxy server and installed it into the trusted certificate store.

Seems we were following the instructions correctly but using an old certificate from the previous server hardware.

Thanks for your response



------------------------------
Chris Tancred
IKEA Limited
------------------------------

Original Message:
Sent: 09-10-2019 13:03
From: Joshua Davis
Subject: ServerGroup Certificates

Chris,

This might be related to a post I have made previously related to Server Group certificates:

https://community.genesys.com/digestviewer29/viewthread?MessageKey=016e90ca-0a45-4508-a935-c8746e795f3c&CommunityKey=cf214c8f-5206-4010-9b2c-2085cbd65a44&tab=digestviewer#bm016e90ca-0a45-4508-a935-c8746e795f3c

I recommend following this link and check your ServerGroup certificate.  It is likely you are affected by the T61String issue.  This is something we have seen with very old systems being replaced with new hardware via Switchover as the legacy ServerGroup certificate was created with a T61String commonName whereas the newer PureConnect releases are only supporting UTF8.

Thanks,

Josh

------------------------------
Joshua Davis
Solution Engineer
Altivon

Original Message:
Sent: 09-10-2019 11:24
From: Chris Tancred
Subject: ServerGroup Certificates

We have just upgraded the hardware for our IC servers, starting with the backup (making sure it was back in a switchover pair) and then initiating a switchover before starting the install on the next server.

everything seemed fine and everything was in sync. We then noticed that webchat wasn't working and it was because the HTTPS certificates were not trusted. We went to install the certificate from the webpage into the trusted root certificate store but we still had a certificate error on the webpage (after rebooting the server etc).

I'm guessing it has something to do with the ServerGroup Certificates and the new hardware. Any ideas?

#Security
#Unsure/Other

------------------------------
Chris Tancred
IKEA Limited
------------------------------