The default protocol is now TLSv1.2, with the option to allow the user to select TLSv1.1 or TLSv1.0 if desired, using the new SSL_PROTOCOL setting in the nf file. Specifically, SSLv2 and SSLv3 protocols are no longer supported. Introduced in LumenVox version 15.0 were a set of changes that affect HTTPS connectivity to the Dashboard. Prior to version 15.0, the SSL Protocol and Cipher selection was automatically performed and allowed the use of SSLv2/SSLv3 protocols, which are no longer deemed secure. New in 15.0.100 SSL Protocol and Cipher Selection Once a valid, authenticated certificate is installed, the errors should not appear, and should appear correctly in the browser, when clicking on the padlock symbol, as shown below Authenticated Certificate (for fictitious ): You need to contact one of the signing authorities to obtain these certificates. Please note that the above information is being made available here to assist our customers in generating certificate files, however LumenVox does not provide, configure or provide help with these. The Manager service will need to be restarted after this configuration setting is changed for it to take effect. The name and location of this certificate (.pem) file can be specified in the nf file. To resolve these problems, you should install your own authentication certificate for the server, which can be obtained from a registered certificate authority, such as VeriSign or Go Daddy (there are many others).Īfter obtaining the certificate for the server, a compatible pem ( Privacy Enhanced Mail) file needs to be saved to disk, and this new certificate file will need to be referenced and used by the LumenVox Manager. This will be indicated by a warning in your browser: Certificate Error:Ĭertificate Error generated by Internet Explorer when attempting to open Dashboard with default certificate By default, LumenVox installs a dummy certificate, located in /etc/lumenvox/Since this is a dummy file, the signature of the certificate will not match your server, or domain, which will (correctly) cause your browser to treat the Dashboard site with suspicion, since it cannot validate the authenticity of the certificate. Since the Dashboard is being driven by a web server within the LumenVox manager service, this service needs a certificate in order to provide HTTPS connectivity. See this HTTP_Securearticle for more details. SSL requires the use of a certificate that is installed on the web server, which identifies the server as well as providing information on the encryption mechanism to be used. Note that if using HTTP as the communications protocol, certificates are not used, and therefore do not need to be configured when connecting to the Dashboard, however we encourage users to select HTTPS whenever practical. This secure mode utilizes SSL (Secure Sockets Layer) to encrypt this communication, so is preferred, preventing anyone intercepting username and passwords being sent as well as any other information passed over the communications channel in the form of eavesdropping or other tampering. In addition to this, it is possible to use HTTPS, which is the secure form of the regular HTTP communications protocol. It is important that only authorized users are able to access this functionality to prevent disabling or changing those services, so there is an optional username and password requirement that can be enabled. The LumenVox Dashboard is designed to operate using either HTTP or HTTPS connectivity, allowing remote access to the services running on each LumenVox server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |