Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IP Office 11 certificate renewal J100 series phones acquiring service after reboot

Status
Not open for further replies.
NOTaPhoneGuy2020

NOTaPhoneGuy2020

Systems Engineer
Jun 22, 2020
5
US
Good afternoon,

I have a client that recently renewed their GoDaddy certificate and updated the certificate in IPO 11.0.1 server edition. After the certificate was renewed, they found that if a phone was rebooted/lost power/etc., the phone would get stuck at acquiring service. A factory reset will resolve the issue. However, they have several hundred phones, and if there was a switch reboot for maintenance, or a power issue, they could be looking at several phones needing to be factory reset.

We believe the issue is related to the certificate. If a phone is factory reset, and then reboots, it will load with the configuration without issue.

We have a case open with Avaya, and they are wanting to blame the network.

Does anyone have any ideas on how to resolve this?
 
Sort by date Sort by votes
From my understanding the J100 will store the first cert it gets and uses that. Since the cert was changed on the IPO, it will not match whats on the J100, so it has to be cleared so it can pull the new cert. Looks like all the phones will have to be cleared.
 
Upvote 0 Downvote
The Avaya tech created a new CSR and had the client regenerate the certificate. This resolved the phones going into TLS alarm.

The CSR was used to regenerate a wildcard cert, which ended up breaking all of the servers secure connections.

The client ordered a new cert, and we went through the whole issue again, as the CSR was missing the sip domain.

Changing the SIP domain in IPO allowed the phones to pull the config after they were rebooted.
 
Upvote 0 Downvote
The phones need and store the Root certificate from the server.
The server has this, as well as the identity certificate which is for the server and signed by the Root cert.
In case of a paid cert like GoDaddy, also an intermediate certificate is used.
If you need to change or include detail like the SIP domain, then only the server's identity needs to be changed.
The Root cert is unchanged. Therefore, the Root cert, stored in the phone is still the same and correct.
-> You may update the identity cert.
-> Never change the Root cert, once the system is in service. Unless you know what you do.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dsm600rr
  • Locked
  • Question
Random Phones - Acquiring Service. IPO SE Remote Phones
Replies
19
Views
922
derfloh
derfloh
BrianCosta
  • Locked
  • Question
46xxsettings.and J100 Series Phones
Replies
0
Views
190
BrianCosta
BrianCosta
William C290
  • Locked
  • Solved
J100 Phones on Remote Location
Replies
5
Views
468
William C290
William C290
pontim
  • Locked
  • Question
J100 phones lose all audio
Replies
3
Views
190
atcom
atcom
dsm600rr
  • Locked
  • Question
Remote Phones over TLS, R11.1.3.1 - Soft Phones Log in, J100's Aquiring Service 5
2
Replies
32
Views
503
dsm600rr
dsm600rr

Part and Inventory Search

Sponsor

Back
Top