PureConnect

Discussion Thread View
Expand all | Collapse all

ServerGroup Certificates

  • 1.  ServerGroup Certificates

    Posted 09-10-2019 11:25
    We have just upgraded the hardware for our IC servers, starting with the backup (making sure it was back in a switchover pair) and then initiating a switchover before starting the install on the next server.

    everything seemed fine and everything was in sync. We then noticed that webchat wasn't working and it was because the HTTPS certificates were not trusted. We went to install the certificate from the webpage into the trusted root certificate store but we still had a certificate error on the webpage (after rebooting the server etc).

    I'm guessing it has something to do with the ServerGroup Certificates and the new hardware. Any ideas?

    #Security
    #Unsure/Other

    ------------------------------
    Chris Tancred
    IKEA Limited
    ------------------------------


  • 2.  RE: ServerGroup Certificates

    Posted 09-10-2019 13:03
    Chris,

    This might be related to a post I have made previously related to Server Group certificates:

    https://community.genesys.com/digestviewer29/viewthread?MessageKey=016e90ca-0a45-4508-a935-c8746e795f3c&CommunityKey=cf214c8f-5206-4010-9b2c-2085cbd65a44&tab=digestviewer#bm016e90ca-0a45-4508-a935-c8746e795f3c

    I recommend following this link and check your ServerGroup certificate.  It is likely you are affected by the T61String issue.  This is something we have seen with very old systems being replaced with new hardware via Switchover as the legacy ServerGroup certificate was created with a T61String commonName whereas the newer PureConnect releases are only supporting UTF8.

    Thanks,

    Josh

    ------------------------------
    Joshua Davis
    Solution Engineer
    Altivon
    ------------------------------



  • 3.  RE: ServerGroup Certificates

    Posted 09-11-2019 05:42
    Hi,

    We fixed the issue last night.

    We had to regenerate a ServerGroup Certificate using the IC setup admin tool and then on the switchover pair. Once we did that our switchover paid was back and we copied the ServerGroup certificate to our reverse proxy server and installed it into the trusted certificate store.

    Seems we were following the instructions correctly but using an old certificate from the previous server hardware.

    Thanks for your response



    ------------------------------
    Chris Tancred
    IKEA Limited
    ------------------------------