Scribd Logo
Upload

Welcome to Scribd!

  • Avaya Knowledge - IP Office - Manager and IP Phones Show A Warning - The Security Certificate Will Expire in XXX Days - Certificate Error Detected (IP Office Certificate Date(s) Are Invalid) PDF

    Uploaded by

    Murat barut
    463 views4 pages
    IP Office_ Manager And IP Phones

    Original Title

    Avaya Knowledge - IP Office_ Manager And IP Phones Show A Warning_ The Security Certificate Will Expire In XXX Days_Certificate Error Detected (IP Office Certificate Date(s) Are Invalid).pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    IP Office_ Manager And IP Phones

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    463 views4 pages

    Avaya Knowledge - IP Office - Manager and IP Phones Show A Warning - The Security Certificate Will Expire in XXX Days - Certificate Error Detected (IP Office Certificate Date(s) Are Invalid) PDF

    Uploaded by

    Murat barut
    IP Office_ Manager And IP Phones

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    23.08.

    2022 18:01 Avaya Knowledge - IP Office: Manager And IP Phones Show A Warning: The Security Certificate Will Expire In XXX Days/Certific…

    Avaya Support Website Help

    IP Office: Manager And IP Phones Show A Warning: The Security


    Certificate Will Expire In XXX Days/Certificate Error Detected (IP
    Office Certificate Date(s) Are Invalid)
    Doc ID    SOLN312079
    Version:    101.0
    Status:    Published
    Published date:    17 Aug 2022
    Created Date:    05 Jul 2017
    Author:    Stephen Edge  

    Details
    IP Office 500v2: Systems Acting as a Stand alone or Server Expansion.
    All releases
    IPOLNX 11.1.0.0.0 build 237
    IPOLNX 11.0.0.2.0 build 23

    Problem Clarification
    Systems with a Self-Signed Certificate display an error stating that the security certificate will expire in XXX days.

    IP Office Web Manager report that the certificate expires by December 2017 and when using the IP Office Manager to connect to an IP Office system, a warning pop-
    up message is seen which states:

    "The security certificate will expire in XXX days"

    XXX days = the number of days remaining until 31 December 2017.

    Below is an example of the warning:

    If it is already expired it will show;

    Case 2: System status will not show up and displays the license error

    Case 3: Certificate on Manager shows future generate and expiry date- Year 2032 to 2042

    Cause
    The security certificate in the IP Office has an expiry date as mentioned in the warning. There is no fault.  Certificate Valid dates shown as:

        Not Before: Dec 31 12:00:00 2010 GMT


        Not After : Dec 31 12:00:00 2017 GMT

     The default date is December 2010, so creating a new certificate adds 7 years to that date, to December 2017

    Note: Although the expiry and renewal of certificates is a normal maintenance process, for some IP Office systems the expiry is much earlier than expected. Avaya
    have identified this is caused by the system not having a time reference when first booted, with no time reference the system would create the certificate based on a
    start date of 1 January 2011. As the certificate is valid for 7 years, the expiry is 31 December 2017.

    Solution
    NOTE: To connect to the system after the certificate has expired, go to File - Preferences - Security tab, and select None.

    https://support.avaya.com/ext/index?page=content&id=SOLN312079&pmv=print&impressions=false&viewlocale=en_US 1/4
    23.08.2022 18:01 Avaya Knowledge - IP Office: Manager And IP Phones Show A Warning: The Security Certificate Will Expire In XXX Days/Certific…
    To resolve this issue a new self signed certificate will need to be generated.

    Please refer to PSN005052u, updated 7 November 2017 with additional information. The PSN is available here:
    https://downloads.avaya.com/css/P8/documents/101042398 (https://downloads.avaya.com/css/P8/documents/101042398)
    NOTE:  After completing this process you will need to reboot all IP Sets to pull the new Certificate.

    1) Ensure the current date/time are set correctly. (Verify in System Status)

    2) Renew / Replace the current security certificate with a new certificate prior to the expiry of the current certificate.

    3) After the certificate renewal, any H.323 phones using TLS/HTTPS, it may be necessary to manually update the certificate on the phone using the process
    detailed in PSN0500042u.

    If the IP Office default certificates are being used, they can be regenerated from either Manager [in the security settings] or Web Manager.

    Below shows how to view the certificate in Manager > File > Advanced > Security settings

    FOR AN IPOFFICE 9. X AND LESS

     In the example above, the date shown above item 4. is not 31 December 2017 so this system does not generate the warning.

    The certificates highlighted in green in the Trusted Certificate Store are not related to this problem.

    Obs: To access the Security Settings use security/securitypwd (user/password)

     To Resolve the Certificate error using the default IP Office certificate:

    1. Log into the IP Office Security Settings


    2. Click on System and Certificate.
    3. Delete the Certificate and click OK. The IP Office will report that all call processing will stop - see WARNING below

    4. Click OK and save the Security Settings.


    5. Close the Security Settings.
    6. Log back into the Security and verify the new certificate has been updated with a start date of today and an expiry in 7 years.

    https://support.avaya.com/ext/index?page=content&id=SOLN312079&pmv=print&impressions=false&viewlocale=en_US 2/4
    23.08.2022 18:01 Avaya Knowledge - IP Office: Manager And IP Phones Show A Warning: The Security Certificate Will Expire In XXX Days/Certific…
     

    FOR IP OFFICE 10.X or 11.X

    the Delete button has been renamed to Regenerate as seen below, but perfoms the same function;

    Note: After submitting the Certificate for regeneration the value "Issued to" seen in the Identify Certificate field will shows as "N/A" until the security settings
    have been saved

    For Partner/Basic Edition

    To default a system's security settings using IP Office Manager

    1. Start IP Office Manager.


    2. Select File | Advanced | Erase Security Settings (Default).
    3. Select the system from the menu and click OK.
    4. Enter a name and password for security configuration access.
    5. IP Office Manager indicates when the security settings have been reset.

    Other Information:

    1) WARNING: Generating a new certificate impacts on system resources and may cause a degradation of services. It is recommended to perform this task
    out of normal business hours when the system is not being used

    2) WARNING: Renewing the current certificate will impact on users, applications, and phones which are using the certificate for secure access. Ensure you
    understand the implications prior to renewing. 

    3) If there is no secure environment, where certificates are not used, there would be no impact, however, the fact is the certificate is going to expire and
    needs to be renewed.

     Reference:
    1) Office Certificate Maintenance is documented here: http://marketingtools.avaya.com/knowledgebase/businesspartner/ipoffice/mergedProjects/security/index.htm?
    certificate_maintenance.htm (http://marketingtools.avaya.com/knowledgebase/businesspartner/ipoffice/mergedProjects/security/index.htm?certificate_maintenance.htm)
    2) Security certificates are discussed in the “IP Office Platform Security Guidelines”

    For IP Office 9.1 - https://downloads.avaya.com/css/P8/documents/101008102 (https://downloads.avaya.com/css/P8/documents/101008102)


    For IP Office 10.0 - https://downloads.avaya.com/css/P8/documents/101028353 (https://downloads.avaya.com/css/P8/documents/101028353)
    For IP Office 10.1 - https://downloads.avaya.com/css/P8/documents/101039408 (https://downloads.avaya.com/css/P8/documents/101039408)

    The following may also be considered;


    1) Use IP Office Manager to communicate without certificates: File > Preferences > Security tab > Manager Certificates Check > set to None
        [This is not recommended, a system could be overlooked and then the certificate expire unexpectedly.]

    2) Default the security settings which creates another unique, self-signed instance with same name but differing instance.

    3) May need to clear the old certificates from the IP phones. https://support.avaya.com/ext/index?page=content&id=SOLN318186&group=UG_INTERNAL
    (https://support.avaya.com/ext/index?page=content&id=SOLN318186&group=UG_INTERNAL)

    4) If certificate is already expired you can renew it via Web Manager, and then reboot the system.

    https://support.avaya.com/ext/index?page=content&id=SOLN312079&pmv=print&impressions=false&viewlocale=en_US 3/4
    23.08.2022 18:01 Avaya Knowledge - IP Office: Manager And IP Phones Show A Warning: The Security Certificate Will Expire In XXX Days/Certific…
    5) Older Version 9.0.3 did not have the options Manager Certificates Check under Secured Communication. Upgraded Manager to 10.1 and the option was there. This
    had to be done in order to login to the IP Office after the certificate after they expired because we could not access it through Web Manager. We were then able to
    regenerate the certificate. We then set Manager Certificates Check back to low.

    Updating Certificate on Remote H323 Extensions using TLS and HTTPS


    Note - For phones not using TLS/HTTPS, and using IP Office as the file server, a simple re-boot of the phone after regenerating the certificate is all that is required.
    This process shows how to remove the current certificate from the phone, so that the phone will not be able to perform certificate checks. The IP Office certificate can then be
    renewed and downloaded to the phones like it was done in the initial deployment.
    1. Download the 46xxsettings.txt file from the IP Office by entering http://192.168.42.1/46xxsettings.txt in a browser. This URL is case-sensitive.
    However, you can modify the IP Address as required. Copy the above link and paste it in a text editor like Notepad.
    2. Edit the line with the certificate: SET TRUSTCERTS "Root-CA-01234ABC.pem" (filename will be different)
     
    To remove the certificate filename: SET TRUSTCERTS "".
    3. Save the file to the PC.
    4. If there is already an explicit 46xxsettings.txt on the SD card, temporarily rename it (For example: 46xxsettings.bak).
    5. Paste the edited file to the SD card.
    6. Restart all the remote phones by using SSA for example. Watch SysMon to ensure that all phones obtain the new settings file.
     
    At this stage, the telephones will delete the stored certificates.
    7. Refresh the certificate on the IP Office.
    8. Delete the 46xxsettings.txt file. If there was a file on the card previously, update it with the new certificate filename. Obtain that by the above process and edit the
    46xxsettings.bak to include the new filename, and then save it back with the .txt extension.
    9. Restart the phones again. Do this manually on the phone as it will not have registered to the IP Office without a certificate. The system will then download the new certificate
    and normal functionality will be restored.
     
    If this process fails, then the phones can be reset to remove the old certificate by using the CLEAR procedure, then re-configuring them after the IP Office certificate has been
    regenerated.
     
    In addition,  have the software on the IP Office loaded on the latest software version for the level of IP Office
     
     

    + Additional Relevant Phrases

    Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy

    About Avaya Contacts Careers Site Map Terms of Use Privacy Statement
    © 2022 Avaya Inc.

    https://support.avaya.com/ext/index?page=content&id=SOLN312079&pmv=print&impressions=false&viewlocale=en_US 4/4

    You might also like