Configuring the WebLM server for AE Services

Last Updated : Jun 07, 2021 |

About this task

You can specify the IP address and port number of the Avaya WebLM server that Application Enablement Services uses for licensing.

The Avaya WebLM login credentials are required only for logging in to the external WebLM server and not for the embedded Avaya WebLM server.

Procedure

  1. On the AE Services management console, go to Licensing > WebLM Server Address.
  2. In the WebLM IP Address/FQDN field, type the IP address or FQDN of the remote Avaya WebLM server.

    The WebLM server does not support IPv6. For an embedded Avaya WebLM server, you must configure the 127.0.0.1 IP address.

    Note:

    From Release 8.1.3 and later, AE Services supports FQDN for the WebLM server.

  3. Optional If you are using a Secure Socket Layer (SSL) connection to the master WebLM server, select the SSL check box.
  4. Optional If you are using a remote WebLM server, in the WebLM Port field, type the remote WebLM server port number.

    By default, the port number is 8443.

    If System Manager WebLM is used, you must import the System Manager CA certificate.

  5. Optional If you are using the secondary WebLM server, do the following:
    1. In the Secondary WebLM IP Address/FQDN field, type the IP address or FQDN of the secondary WebLM server.

      The default value is 127.0.0.1. The value must match the IP address or FQDN specified for the server certificate.

      If you configure the Secondary WebLM IP Address/FQDN, AE Services can use only the secondary WebLM server for licensing when the primary WebLM server is not available.

      From Release 8.1.3 and later, AE Services supports FQDN for the secondary WebLM server.

    2. If you are using an SSL connection to the secondary WebLM server, select the Secondary SSL check box.
    3. In the Secondary WebLM Port field, type the port number for the secondary WebLM server.
  6. To validate the Subject Alternate Name or Common Name field of the WebLM server identity certificate with the WebLM server hostname during a TLS connection, select the Enable Certificate Hostname Validation check box.

    If the validation fails, the TLS connection is dropped to verify the WebLM server certificate identity.

    AE Services validates the WebLM server identity certificate only if an external WebLM server is used with HTTPS in a pooled licensing mode.

    The server identity certificate must have the following values to establish a secure connection with the WebLM server:

    • Key Usage: Digital Signature, Key encipherment

    • Extended Key Usage: id-kp-clientAuth, id-kp-serverAuth

      Note:

      Extended Key Usage is an optional field, it must have the mentioned values only if it is present in the certificate configuration.

    The connection will be dropped if either the server identity certificate does not meet the above criteria or the certificate does not have Key Usage field present in it.

    Enabling or disabling hostname validation will enable or disable the peer certification automatically.

    The Enable Certificate Hostname Validation field is available from Release 8.1.3 and later.

    Note:

    • If GRHA is configured with the hostname validation, Avaya recommends that you restart sohd service to keep the GRHA license working. If not, GRHA license will either return an error or enter into the error mode.

    • Avaya recommends that you use Subject Alternate Name(SAN) in place Common Name(CN) while configuring certificates because the support for Common Name(CN) will be removed from the future releases.

  7. Click Apply Changes.
  8. Optional Click Restore Defaults to restore the default settings.
  9. Restart ASAI Link Manager, CVLAN, DLG, and TSAPI services for the changes to take effect.
Related information
WebLM Server Address field descriptions