Professional Documents
Culture Documents
2022 18:01 Avaya Knowledge - IP Office: Manager And IP Phones Show A Warning: The Security Certificate Will Expire In XXX Days/Certific…
Details
IP Office 500v2: Systems Acting as a Stand alone or Server Expansion.
All releases
IPOLNX 11.1.0.0.0 build 237
IPOLNX 11.0.0.2.0 build 23
Problem Clarification
Systems with a Self-Signed Certificate display an error stating that the security certificate will expire in XXX days.
IP Office Web Manager report that the certificate expires by December 2017 and when using the IP Office Manager to connect to an IP Office system, a warning pop-
up message is seen which states:
Case 2: System status will not show up and displays the license error
Case 3: Certificate on Manager shows future generate and expiry date- Year 2032 to 2042
Cause
The security certificate in the IP Office has an expiry date as mentioned in the warning. There is no fault. Certificate Valid dates shown as:
The default date is December 2010, so creating a new certificate adds 7 years to that date, to December 2017
Note: Although the expiry and renewal of certificates is a normal maintenance process, for some IP Office systems the expiry is much earlier than expected. Avaya
have identified this is caused by the system not having a time reference when first booted, with no time reference the system would create the certificate based on a
start date of 1 January 2011. As the certificate is valid for 7 years, the expiry is 31 December 2017.
Solution
NOTE: To connect to the system after the certificate has expired, go to File - Preferences - Security tab, and select None.
https://support.avaya.com/ext/index?page=content&id=SOLN312079&pmv=print&impressions=false&viewlocale=en_US 1/4
23.08.2022 18:01 Avaya Knowledge - IP Office: Manager And IP Phones Show A Warning: The Security Certificate Will Expire In XXX Days/Certific…
To resolve this issue a new self signed certificate will need to be generated.
Please refer to PSN005052u, updated 7 November 2017 with additional information. The PSN is available here:
https://downloads.avaya.com/css/P8/documents/101042398 (https://downloads.avaya.com/css/P8/documents/101042398)
NOTE: After completing this process you will need to reboot all IP Sets to pull the new Certificate.
2) Renew / Replace the current security certificate with a new certificate prior to the expiry of the current certificate.
3) After the certificate renewal, any H.323 phones using TLS/HTTPS, it may be necessary to manually update the certificate on the phone using the process
detailed in PSN0500042u.
If the IP Office default certificates are being used, they can be regenerated from either Manager [in the security settings] or Web Manager.
Below shows how to view the certificate in Manager > File > Advanced > Security settings
In the example above, the date shown above item 4. is not 31 December 2017 so this system does not generate the warning.
The certificates highlighted in green in the Trusted Certificate Store are not related to this problem.
https://support.avaya.com/ext/index?page=content&id=SOLN312079&pmv=print&impressions=false&viewlocale=en_US 2/4
23.08.2022 18:01 Avaya Knowledge - IP Office: Manager And IP Phones Show A Warning: The Security Certificate Will Expire In XXX Days/Certific…
the Delete button has been renamed to Regenerate as seen below, but perfoms the same function;
Note: After submitting the Certificate for regeneration the value "Issued to" seen in the Identify Certificate field will shows as "N/A" until the security settings
have been saved
Other Information:
1) WARNING: Generating a new certificate impacts on system resources and may cause a degradation of services. It is recommended to perform this task
out of normal business hours when the system is not being used
2) WARNING: Renewing the current certificate will impact on users, applications, and phones which are using the certificate for secure access. Ensure you
understand the implications prior to renewing.
3) If there is no secure environment, where certificates are not used, there would be no impact, however, the fact is the certificate is going to expire and
needs to be renewed.
Reference:
1) Office Certificate Maintenance is documented here: http://marketingtools.avaya.com/knowledgebase/businesspartner/ipoffice/mergedProjects/security/index.htm?
certificate_maintenance.htm (http://marketingtools.avaya.com/knowledgebase/businesspartner/ipoffice/mergedProjects/security/index.htm?certificate_maintenance.htm)
2) Security certificates are discussed in the “IP Office Platform Security Guidelines”
1) Use IP Office Manager to communicate without certificates: File > Preferences > Security tab > Manager Certificates Check > set to None
[This is not recommended, a system could be overlooked and then the certificate expire unexpectedly.]
2) Default the security settings which creates another unique, self-signed instance with same name but differing instance.
3) May need to clear the old certificates from the IP phones. https://support.avaya.com/ext/index?page=content&id=SOLN318186&group=UG_INTERNAL
(https://support.avaya.com/ext/index?page=content&id=SOLN318186&group=UG_INTERNAL)
4) If certificate is already expired you can renew it via Web Manager, and then reboot the system.
https://support.avaya.com/ext/index?page=content&id=SOLN312079&pmv=print&impressions=false&viewlocale=en_US 3/4
23.08.2022 18:01 Avaya Knowledge - IP Office: Manager And IP Phones Show A Warning: The Security Certificate Will Expire In XXX Days/Certific…
5) Older Version 9.0.3 did not have the options Manager Certificates Check under Secured Communication. Upgraded Manager to 10.1 and the option was there. This
had to be done in order to login to the IP Office after the certificate after they expired because we could not access it through Web Manager. We were then able to
regenerate the certificate. We then set Manager Certificates Check back to low.
Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy
About Avaya Contacts Careers Site Map Terms of Use Privacy Statement
© 2022 Avaya Inc.
https://support.avaya.com/ext/index?page=content&id=SOLN312079&pmv=print&impressions=false&viewlocale=en_US 4/4