![]() |
If you are using your own certificates for server certificate authentication, and you are not using the predefined location for storing certificates (that is, /opt/mvap/tsapi/client/certs/CA/aesCerts.pem), you must add statements to the tslibrc file that specify where your certificates are located. For example:
Trusted CA File=<certificate_location>
Verify Server FQDN= 0
where:
Trusted CA File is the label for the file specification. The equal sign (=) is a separator between the label and the file specification.
certificate_location is the full pathname of a file containing the certificate(s) for your trusted CA in Privacy Enhanced Mail (PEM) format. For example:
/opt/mvap/tsapi/clients/certs/CA/exampleCA.pem
Note that the specified file may contain several certificates.
Verify Server FQDN is a setting that determines whether the TSAPI client verifies the Fully Qualified Domain Name (FQDN) in the Server Certificate (for added security).
![]() | Note |
This setting should be set to 0 when the AE Services Server is using the Avaya Product Root CA Certificate. |
If you want the client to check the certificate for the FQDN, use this setting: Verify Server FQDN=1
If you do not want the client to check the certificate for the FQDN, use this setting: Verify Server FQDN=0
Alternatively, you could just omit this line.
If the TSAPI Service is configured to perform client certificate authentication and you are not using the predefined location for the client keystore (that is, the tsapiClient.pfx file), or if the client keystore is password protected, then you must add statements to the tslibrc file that specify the location and/or password of the client keystore. For example:
Client KeyStore=<keystore-location>
KeyStore Password=<keystore-password>
The Client KeyStore setting specifies the full pathname of a PKCS12 (Public-Key Cryptography Standards #12) keystore containing the client certificate that the TSAPI client should send to the TSAPI Service.For example:
Client KeyStore=/home/ctiuser/certs/myKeystore.pfx
The KeyStore Password setting specifies the password of the client keystore. For example:
KeyStore Password=xxxxxxxx
If the client keystore does not have a password, then this configuration setting is not needed.