Monday, March 18, 2019

ShoreTel: Mobility Trusted Admin APP Set-up

Here are the steps to create the certificates that are used between Mobility and Connect.


  1. Run cd “C:\Program Files (x86)\Shoreline Communications\ShoreWare Director\App\bin” pki.bat -S SMRAdminApp in a Command Prompt window
  2. To generate the certificate for the SMR they are located in the Shoreline Data\keystore\certs directory and copy the contents of the following cert and key files
    1. SMRAdminApp.crt - located in cert folder within the above root directory
    2. SMRAdminApp.key - located in private key folder within above root directory
  3. Complete the following steps to set up trusted server applications for the SMR
    1. Log in to Mitel Connect Director and navigate to System > Security >Trusted Server Application
    2. Click New, and complete the following steps to create a new trusted server application for the
      1. Mobility 9.0 SMR
      2. Specify the Trusted account name. This should be a descriptive name that conveys the location and use of the SMR. This information is for reference only
      3. Browse to Shoreline Data\keystore\certs, and select the SMRAdminApp file
      4. Select Client Application Service in Application Type, and select Enabled
      5. In Property Type, select admin-cas in Available, and then click to move it to Selected
      6. Click Save
  4. Navigate to Configuration > System > Authentication > Directory, and complete the following steps to configure the trusted application settings
    1. Click Add
    2. Select Mitel Directory in Server Type
    3. Specify a Name
    4. Click Apply
    5. Specify the headquarters FQDN or IP address in Server Address
    6. Select Trusted Admin App, and then click the Manage App Certificate link to launch the Directory Server Certificate page
    7. Click Import, and paste the contents of the cert and key files you copied in step 1 of this section
    8. Click Import again, and then cancel the prompt to reboot
    9. Select tls in Security type
    10. Click Apply, and then click Verify
  5. Sync Authenticator Keys on the SMR
    1. Open a browser and navigate to the SMR configuration page with administrator permissions
    2. Navigate to Configuration > System > Authentication > Directory, and select the directory you defined in Configure Trusted Application Settings on the SMR on page 21
    3. Click Sync ABC Keys to sync the authenticator public keys with the headquarters PBX. Mitel recommends you use the Query option to search for a known Mitel directory user name to verify that you can successfully access the Mitel directory
  6. Specify the Authorization Directory Servers
    1. Open a browser and navigate to the SMR configuration page with administrator permissions
    2. Navigate to the Configuration > Groups and Users page
    3. Select the appropriate group, and then select the appropriate directory type and directory in External User Authentication/Authorization
    4. Click Next. Complete configuration as necessary, and then click Apply

Posted by at
Labels: