![]() |
The TSAPI Service may be configured to use Transport Layer Security (TLS) for encrypting TSAPI client connections to the AE Services Server. When the TSAPI client requests a secure connection to the AE Services Server, the TSAPI service sends a certificate to the TSAPI client that allows the client to verify the identity of the server. This process is known as server certificate authentication.
You can configure the TSAPI Service to request a certificate from the client so that the AE Services Server can verify the identity of the client. This process is known as client certificate authentication.
For server certificate authentication, you may use the Avaya Product Root Certificate Authority (CA) certificate as the server certificate which is default at AE Services 6.3.3 and older and servers upgraded to AE Services 7.1.2, the self-signed certificate created during 7.1.2 fresh installation, or a CA certificate issued by a trusted in-house or third-party certificate authority or your own certificate.
For client certificate authentication, AE Services does not provide a default certificate. You must provide and install your own certificates for client certificate authentication.
For more information about certificates, see Appendix A: Certificates management.
![]() | Note |
The tslib.ini configuration file provides several configuration settings to control the behavior of the TSAPI client during server certificate and client certificate authentication. |
You do not need to add any certificate configuration settings to the tslib.ini file if you do not use secure client connections, and hence, certificates.
You use the default AE Services certificate for server certificate authentication.
You use your own certificates and the trusted CA certificate is installed on the client computer in the file <installation-directory>\certs\ca\aesCerts.cer.
The TSAPI Service is not configured to perform client certificate authentication.
The client keystore containing the client certificate is installed on the client computer in the file <installation-directory>\certs\tsapiClient.pfx and does not have a password.