Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

security certificate will expire in xxx days 11

Status
Not open for further replies.

joe2938

Programmer
Dec 16, 2010
3,285
US
I have researched this and have fixed the certificate warning but when it tells you the system will be unresponsive for 5 minutes is this only for administrating the system only? or does it affect the end users being able to make calls etc... I have only done this remote so I have had zero complaints but want to be positive as I need to address our hospital customers, thanks in advance.
 
The system still functions, but I did notice dialtone was a bit delayed when I tried it on my lab system as it burns a lot of CPU time to generate the new certificate. I do that work during a scheduled maintenance window for a hospital or other 24x7 operation, or after hours for other customers.
 
Thanks for the update, most appreciated. Will schedule for after hours or best possible time in this case.
 
I had it twice a few days ago, in both cases the message was "expiring in 179 days", I unchecked "secure communications" under manager preferences
 
Yes @yoe2938, no strange behaviours, both IP500 no SE
 
Yes turning off secure communications will also remove the warning because you are no longer getting the certificate so manager can't see the certificate will expire. I have had a lot of calls about this recently it seems everyone got it at once so my guess is everyone's ends the same day (last day of the year). Simple to re-generate the certificate but some people want the easy button so turning off secure communications is the easy button.

The truth is just an excuse for lack of imagination.
 
I've been seeing this myself all over the place with customers of varying software releases, some with Server Edition and others are just 500v2's. I've seen two methods to remedy this, both came from Avaya. In one place, it was regenerate the cert, which I did on a brand new, out of the box system I started programming the other day. It had a mix of digital and analog expansion modules patched into the 500v2, and I lost the connection via SSA for maybe a minute or less. When the connection came back, I noticed I had a list of link alarms for the 6 expansions, but no indication of a reboot.

The other one I've seen is delete the cert and I guess it will generate a new one. I've not gone this route.

Anyone have suggestions on which would method be the better?
 
I just regenerated the certificate and it worked great!
 
I got an information why this warning comes up for so many systems at the same time.

Every fresh installed IP500 that is started the first time and is not able to get the correct time and date from a time server will set its time to 2010/01/01 00:00 and creates a self signed certificate that is valid for seven years. So all those certificates will have the same end date set to 2017/12/31 23:59

That's why we get all those warnings now.

You should regenerate the certificate in any case because not only the manager login users that certificate but also 1XP and other services as well as SCN and phones that connect via TLS.

The recommendation is to create a valid cert through an AppServer or Server Edition Server or from another CA.

If such a certificate is not needed I would recommend to recreate the IPO cert during initial setup as soon as the box has a valid time set.
 
But if you don't use TLS apps or TLS SCN connections the certificate is not necessary, IPO500 first setup does not require any
 
Its easy enough to have the IP Office generate a new self-signed certificate if that is the one you are using. Log into security settings and under System | Certificates click Regenerate, click OK and then click the save icon (the new certificate generation doesn't actually start when you click the Regenerate button). All over in a few minutes.

Stuck in a never ending cycle of file copying.
 
I just had a customer reach out to us that has an IP Office 500v2 but it does not give him the option to regenerate, so I told him to delete it and reboot and IP Office will then regenerate the certificate.
 
Delete is enough. When you save the security settings it will generate a new one.
 
Thanks good to know as rebooting at a hospital is not an option
 
just as an fyi, unticking secure communications does get rid of the error message however then manager will take a good minute for the config to open so you may not want to go that route
 
Yes. Unchecking secure communication causes it to take a long time to load a config. I wouldn't opt for that option.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top