Managing Security Mobility Router Certificates
ShoreTel Mobility Router Administration Guide 70
Mobility Router Certificates
There are four Mobility Router certificates that establish secure sessions during client provisioning
and create HTTPS sessions to the Mobility Router. In addition, these certificates establish mutually
authenticated secure remote connections when the clients are outside the enterprise.
The Mobility Router presents different certificates when a client initiates a connection from local or
remote interfaces.
Generate a Mobility Router virtual certificate only if you are creating a redundancy cluster to provide
stateful high availability for the ShoreTel Mobility solution. This is the certificate used by the virtual IP
address that manages the redundancy cluster. When the Mobility Router runs in redundancy mode,
both nodes must use the same virtual certificates. For information about redundancy clusters, see
“Managing Redundancy Clusters” on page 227.
The following local, remote, and virtual certificates are supported:
- Local Access—internal connections over the LAN interface in a standalone configuration inside the enterprise.
- Remote Access—connections using Secure Remote Access with ShoreTel Mobility Clients in standalone configuration.
- Local Access (Virtual)—internal connections over the LAN interface in cluster configurations inside the enterprise, and synced across all cluster nodes.
- Remote Access (Virtual)—connections using Secure Remote Access with ShoreTel Mobility Clients in cluster configurations.
Locally Generated Certificates
You can create a locally generated certificate on the Mobility Router. This is a convenient option for
enterprises that have not already purchased a certificate. The certificate is signed by the certificate
authority on the Mobility Router.
WARNING!
Before proceeding with the following steps to generate a Mobility Router Certificate, first install the
Certificate Authority (CA). See “Certificate Authority” on page 66.
WARNING!
When generating or importing a virtual certificate on the master node, the certificate is automatically
synced to the standby node. All services on all nodes must be restarted for the new certificate to be
valid.
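
The requirement above, that both cluster nodes use the same virtual certificate and that a node only presents the synced one after its services restart, can be checked by comparing SHA-256 fingerprints of the DER bytes. This is an added example, not from the ShoreTel guide: the node names and sample PEM blocks are constructed placeholders rather than real X.509 certificates, and how the PEM presented by each node is captured is assumed.

```python
import base64
import hashlib
import re

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, so line endings and wrapping do not matter."""
    match = _PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def stale_nodes(expected_pem: str, presented: dict) -> list:
    """Return the nodes whose presented certificate is not the expected one."""
    want = fingerprint(expected_pem)
    return sorted(n for n, pem in presented.items() if fingerprint(pem) != want)

def _sample_pem(der: bytes, eol: str = "\n") -> str:
    """Wrap constructed bytes as PEM; stand-in data, not a real certificate."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return eol.join(["-----BEGIN CERTIFICATE-----", *body,
                     "-----END CERTIFICATE-----", ""])

# Constructed placeholders for the old and the newly imported virtual certificate.
OLD_VIRTUAL = _sample_pem(b"constructed-old-virtual-cert " * 8)
NEW_VIRTUAL = _sample_pem(b"constructed-new-virtual-cert " * 8)

if __name__ == "__main__":
    # Hypothetical capture: the standby node has synced the new certificate
    # but its services were not restarted, so it still presents the old one.
    presented = {
        "master": NEW_VIRTUAL.replace("\n", "\r\n"),  # same cert, CRLF export
        "standby": OLD_VIRTUAL,
    }
    for node in stale_nodes(NEW_VIRTUAL, presented):
        print(f"{node}: virtual certificate differs from master; restart services")
```

Comparing fingerprints of the decoded bytes instead of the PEM text avoids false mismatches when the same certificate is exported with different line endings or wrapping.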