Differences

This shows you the differences between two versions of the page.

vendors:cisco:uc:ece [2019/09/04 17:29]
gerardorourke [ECE]
vendors:cisco:uc:ece [2019/09/05 14:26]
gerardorourke [PCCE CCE Admin - ECE Gadget Rendering Issues]
Line 29: Line 29:
 ===== Install / Config Tips ===== ===== Install / Config Tips =====
 ====PCCE CCE Admin - ECE Gadget Rendering Issues ==== ====PCCE CCE Admin - ECE Gadget Rendering Issues ====
-  * CCE Admin tomcat server access ECE Gadget from the ECE Web server using HTTPS. If the Tomcat does not have the CA Certification, TLS fails to establish, hence you need to add the ECE cert (or CA cert) in the Java CA keystore on the CCE Admin Tomcat Servers (AW-HDS-DDS) - use KeyStore Explorer (run as admin) to import CA to CA keystore +  * CCE Admin tomcat server accesses the ECE Gadget from the ECE Web server using HTTPS. If the Tomcat does not have the CA Certification, TLS fails to establish and you will not be able to view the ECE Admin Gadget within CCE Admin. Hence you need to add the ECE cert (or CA cert) into the Java CA keystore on the CCE Admin Tomcat **Servers** (AW-HDS-DDS) 
-  * make sure the Web server URL or Load Balancer URL is set in the ECE config (also available on PCCE Admin ECE Gadget)+  * Use KeyStore Explorer (run as admin) to import CA to CA keystore (keystore is located here: C:\Program Files (x86)\Java\jre1.8.0_181\lib\security) - (the default keystore password is 'changeit') 
 +  * Make sure the Web server URL or Load Balancer URL is set in the ECE config (also available on PCCE Admin ECE Gadget)
   * The account you use to login with must have its LDAP 'userPrincipalName' attribute set. This is not an absolute requirement on AD but is usually set. It can be corrected in AD user account by making sure logon Name is set.    * The account you use to login with must have its LDAP 'userPrincipalName' attribute set. This is not an absolute requirement on AD but is usually set. It can be corrected in AD user account by making sure logon Name is set. 
 {{:vendors:cisco:uc:logonname.png?400|}} {{:vendors:cisco:uc:logonname.png?400|}}
-  * Configure ECE SSO Parition Admin setup as per below. If you want to use SSL for LDAP (which you should), the ECE server verifies the cert of the LDAP server - I have a keystore file that conains the LDAP server certs or the CA cert that signed them on the ECE Server, updated it to contain the Private CA cert using KeyStore Explorer (the default keystore password is 'changeit')+  * Configure ECE SSO Partition Admin setup as per below. If you want to use SSL for LDAP (which you should), the ECE server verifies the cert of the LDAP server - I have a keystore file that contains the LDAP server certs or the CA cert that signed them on the ECE Server, updated it to contain the Private CA cert using KeyStore Explorer 
 {{:vendors:cisco:uc:ece-paritionadmin-ssl.jpg?800|}} {{:vendors:cisco:uc:ece-paritionadmin-ssl.jpg?800|}}
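Review bot: In the added KeyStore Explorer bullet, the keystore location is given as a directory tied to one JRE build (jre1.8.0_181) and the keystore file itself is not named. Suggest stating that the file to open is cacerts in that lib\security directory and that the path follows whichever JRE version is installed on the AW-HDS-DDS, so the import has to be checked again after a Java update. The same bullet repeats the stock 'changeit' password; worth adding a line that the import must be done on every CCE Admin Tomcat server, since the change now bolds "Servers" but does not say why. Separately, the 'changeit' remark was removed from the SSO Partition Admin bullet when it moved up. If the ECE-side LDAP keystore also uses that default, the reader loses that hint, so either keep it in both bullets or say which keystore it applies to. Minor wording: "CA Certification" in the first bullet should read "CA certificate".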