The TSAPI Service may be configured to use Transport Layer Security (TLS) for encrypting TSAPI client connections to the AE Services Server. When the TSAPI client requests a secure connection to the AE Services Server, the TSAPI service sends a certificate to the TSAPI client that allows the client to verify the identity of the server. This process is known as server certificate authentication.
You can configure the TSAPI Service to request a certificate from the client so that the AE Services Server can verify the identity of the client. This process is known as client certificate authentication.
For server certificate authentication, you may use the Avaya Product Root Certificate Authority (CA) certificate as the server certificate which is default at AE Services 7.x and older and servers upgraded to AE Services 10.2.x, the self-signed certificate created during 10.2.x fresh installation, or a CA certificate issued by a trusted in-house or third-party certificate authority or your own certificate.
Note:
For self-signed certificate, TLS Hostname Validation must be disabled that is the value of Verify Server FQDN field must be set to zero.
For client certificate authentication, AE Services does not provide a default certificate. You must provide and install your own certificates for client certificate authentication.
For more information about certificates, see Appendix A: Certificates management.
Note:
The tslib.ini configuration file provides several configuration settings to control the behavior of the TSAPI client during server certificate and client certificate authentication.
You do not have to add any certificate configuration settings under the following conditions:
You do not need to add any certificate configuration settings to the tslib.ini file if you do not use secure client connections, and hence, certificates.
If you use secure client connections, you do not need to add any server certificate authentication settings to the tslib.ini file for either of the following situations:
You use the default AE Services certificate for server certificate authentication.
You use your own certificates and the trusted CA certificate is installed on the client computer in the file <installation-directory>\certs\ca\aesCerts.cer.
If you use secure client connections, you do not need to add any client certificate authentication settings to the tslib.ini file for either of the following situations:
The TSAPI Service is not configured to perform client certificate authentication.
The client keystore containing the client certificate is installed on the client computer in the file <installation-directory>\certs\tsapiClient.pfx and does not have a password.
