Manage Self Signed SSL Certificates

A default self-signed SSL certificate is provided with the MSL server at no additional cost. Remote users can add it to their local workstations. This prevents the “Certificate Error: Navigation Blocked” message from appearing when the users attempt to log in to the MSL Server Manager.

The self-signed SSL certificate has the following disadvantages:

The following procedure applies to Internet Explorer 11. For other browser versions refer to the browser help.

Note: If you are using Windows Vista or Windows 7, you will need to run Internet Explorer as an administrator to install the security certificate. To do this, right-click the Internet Explorer icon, and select Run as Administrator. This task needs to be done even if you are logged in as an administrator.

Install the Default Self-Signed SSL Certificate on Local Workstation

To install the default self-signed certificate on a local workstation:

  1. Open Internet Explorer.

  2. When you attempt to access the MSL Server Manager login page, a “Certificate Error: Navigation Blocked” page is displayed. The warning states “There is a problem with this web site's security service”.

  3. Click “Continue to this web site (not recommended)”.

  4. To the right of the domain name address in the address bar, click Certificate Error. The Untrusted Certificate warning appears.

  5. Click View Certificates.

  6. Click Install Certificate.

  7. In the Certificate Import Wizard, click Next to accept the default settings.

  8. Click Place all certificates in the following store and then click Browse. Select Trusted Root Certification Authorities and then click OK.

  9. Click Next and then Finish. A security warning appears, asking if you want to install the certificate.

  10. Click Yes. The certificate import is confirmed. Click OK.

  11. Click OK to close the Certificate dialog.

Note: After you have installed the security certificate, a second security certificate error may appear stating that the security certificate presented by the website was issued for a different web site's address. This is a temporary problem and the error should be ignored. Click “Continue to this website” to access the Web View interface.

Verify the Installed Default Self-Signed SSL Certificate

To view details regarding currently installed default, self-signed web server certificate:

  1. Log into the MSL Server Manager.

  2. Under Security, click Web Server.

  3. Click the Web Server Certificate tab.

  4. View details at the top of the page:

    Field Name

    Details

    Issuer

    Lists the following information for the certificate authorization company that issued the certificate:

    C: country code

    ST: state or province

    L: locality name (for example: city name)

    O: name of the certificate authorization authority; “XYZ Corporation” is the name that appears for Mitel self-signed certificates.

    OU: name of the organizational unit

    CN: server hostname

    Authority/email Address: email address of the Certificate Authority

    Certificate Name

    The Common Name that identifies the fully qualified domain name associated with the certificate.

    Alternate Name(s)

    The FQDNs of each service (or “virtual host”) included in this certificate.

    Valid From

    Date and time when the certificate takes effect.

    Expires

    Date and time when the certificate expires.

    Note: Events are raised prior to, and on the date of expiry of the certificate. Ensure to regularly check the event viewer or configure email alerts.
    • Certificate already expired: MAJOR
    • Expires in less than 1 week: MINOR
    • Expires in less than 3 weeks: WARNING