Manage Self Signed SSL Certificates

A default self-signed SSL certificate is provided with the MSL server at no additional cost. Remote users can add it to their local workstations. This prevents the “Certificate Error: Navigation Blocked” message from appearing when the users attempt to log in to the MSL Server Manager.

The self-signed SSL certificate has the following disadvantages:

The protection supplied by the self-signed SSL certificate is somewhat lower than that of a third-party SSL certificate.
The self-signed SSL certificate can only be used to prevent the “Certificate Error: Navigation Blocked” message. For deployments, you must purchase and install a third-party SSL certificate. If you fail to do this, your users will not receive their deployment configurations and will be unable to establish connections.

The following procedure applies to Internet Explorer 11. For other browser versions refer to the browser help.

Note: If you are using Windows Vista or Windows 7, you will need to run Internet Explorer as an administrator to install the security certificate. To do this, right-click the Internet Explorer icon, and select Run as Administrator. This task needs to be done even if you are logged in as an administrator.

Install the Default Self-Signed SSL Certificate on Local Workstation

To install the default self-signed certificate on a local workstation:

Open Internet Explorer.
When you attempt to access the MSL Server Manager login page, a “Certificate Error: Navigation Blocked” page is displayed. The warning states “There is a problem with this web site's security service”.
Click “Continue to this web site (not recommended)”.
To the right of the domain name address in the address bar, click Certificate Error. The Untrusted Certificate warning appears.
Click View Certificates.
Click Install Certificate.
In the Certificate Import Wizard, click Next to accept the default settings.
Click Place all certificates in the following store and then click Browse. Select Trusted Root Certification Authorities and then click OK.
Click Next and then Finish. A security warning appears, asking if you want to install the certificate.
Click Yes. The certificate import is confirmed. Click OK.
Click OK to close the Certificate dialog.

Note: After you have installed the security certificate, a second security certificate error may appear stating that the security certificate presented by the website was issued for a different web site's address. This is a temporary problem and the error should be ignored. Click “Continue to this website” to access the Web View interface.

Verify the Installed Default Self-Signed SSL Certificate

To view details regarding currently installed default, self-signed web server certificate:

Log into the MSL Server Manager.
Under Security, click Web Server.
Click the Web Server Certificate tab.

View details at the top of the page:

Field Name	Details
Issuer	Lists the following information for the certificate authorization company that issued the certificate:
	C: country code
	ST: state or province
	L: locality name (for example: city name)
	O: name of the certificate authorization authority; “XYZ Corporation” is the name that appears for Mitel self-signed certificates.
	OU: name of the organizational unit
	CN: server hostname
	Authority/email Address: email address of the Certificate Authority
Certificate Name	The Common Name that identifies the fully qualified domain name associated with the certificate.
Alternate Name(s)	The FQDNs of each service (or “virtual host”) included in this certificate.
Valid From	Date and time when the certificate takes effect.
Expires	Date and time when the certificate expires. Note: Events are raised prior to, and on the date of expiry of the certificate. Ensure to regularly check the event viewer or configure email alerts. Certificate already expired: MAJOR Expires in less than 1 week: MINOR Expires in less than 3 weeks: WARNING