Print

TSAPI Windows client certificate authentication

The TSAPI Service may be configured to use Transport Layer Security (TLS) for encrypting TSAPI client connections to the AE Services Server. When the TSAPI client requests a secure connection to the AE Services Server, the TSAPI service sends a certificate to the TSAPI client that allows the client to verify the identity of the server. This process is known as server certificate authentication.

You can configure the TSAPI Service to request a certificate from the client so that the AE Services Server can verify the identity of the client. This process is known as client certificate authentication.

For server certificate authentication, you may use the Avaya Product Root Certificate Authority (CA) certificate as the server certificate which is default at AE Services 6.3.3 and older and servers upgraded to AE Services 7.1.2, the self-signed certificate created during 7.1.2 fresh installation, or a CA certificate issued by a trusted in-house or third-party certificate authority or your own certificate.

For client certificate authentication, AE Services does not provide a default certificate. You must provide and install your own certificates for client certificate authentication.

For more information about certificates, see Appendix A: Certificates management.

noteNote

The tslib.ini configuration file provides several configuration settings to control the behavior of the TSAPI client during server certificate and client certificate authentication.

You do not have to add any certificate configuration settings under the following conditions: