Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

the alarm: TLS cert is about to expire showed up on all our hosted avaya server today? 7

Status
Not open for further replies.
nothingworks101

nothingworks101

Programmer
Aug 14, 2008
239
0
0
US
the alarm says:
TLS certificate is due to expire
Type: trusted store certificate
days remaining:60

did this happen to everyone?
I tried to renew certs on web page:)7071) and in security in manager, but it still shows up.

(they are all powered by Avaya hosted- r10, 10.1, 11)
 
Sort by date Sort by votes
Upvote 0 Downvote
it isn't just hosted, I made a mistake. I have started checking our other systems and see it on regular ip 500's also that are rel 10 or higher, but rel 9's don't have the issue?
 
Upvote 0 Downvote
Which certificate?

My IPO self-signed are valid until 2026.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
cert_issue_vlvkvw.png
 
Upvote 0 Downvote
The IPO certificate (ipo1074695) will be created newly if you delete it. You should check if it is self signed or created by verisign by clicking 'view' in the upper area.

If it created by verisign, you should let them issue a new one.

IP Office remote service Fixed price SIP trunk configuration: CLI based cale blocking: SCN fallback over PSTN:
 
Upvote 0 Downvote
You need to create a new certificate through Platform View so it gets updated on all services.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
I went to platform view, deleted the VeriSign cert, rebooted server and it same cert came right back with same date to expire?
 
Upvote 0 Downvote
Just had the same issue on my 2 server and expansion today. Realease 11.0.0.1
My colleague has the same on Ipo office release 11.0.4

Expires in 60 days...what’s going on.
 
Upvote 0 Downvote
We had the same thing happen a few years back where all the R9.1 and older systems were having expiring certificates on the same day. I know in that case it was because the system was expecting to connect a sntp server on first boot, which is rare, and if it didnt it would default to Jan 2010 and then create a 7 year certificate making it expire end of 2017. We got a lot of calls in January 2018 on this issue.

My guess is that something similar is happening here if a lot of people got 60 days remaining on the same day.

The truth is just an excuse for lack of imagination.
 
Upvote 0 Downvote
I've seen the same today, too. It's not possible to delete the certificate. You just only can ignore this warning. No certificates generated by this CA should be used anymore.

IP Office remote service Fixed price SIP trunk configuration: CLI based cale blocking: SCN fallback over PSTN:
 
Upvote 0 Downvote
Oh... Probably all phones with system phone rights will show the warning as well. So if necessary remove that rights.

IP Office remote service Fixed price SIP trunk configuration: CLI based cale blocking: SCN fallback over PSTN:
 
Upvote 0 Downvote
I went into platform view :7070 like janni78 mentioned and deleted the expiring cert and alarm went away for the server edition, to fix the ip 500 units I used port :8443
 
Upvote 0 Downvote
It's an Intermediate CA that expires Feb 7 2020.
Seems this is used if the IP Office is connected to Avaya Support.

A VeriSign intermediate certificate authority owned by Avaya.
Trusts the Avaya SSLVPN server and on-boarding files used for
the Avaya IP Office Support Services (IPOSS).
Required for IP Office registration and connection to IPOSS.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
Deleting the certificate via WebManagement does indeed solve the issue - temporarily...
After the next system reboot the certificate reappears and so does the error message.
 
Upvote 0 Downvote
I guess Avaya will fix it in a later release, but it shouldn't affect anything if it expires.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

a.kasuri
  • Question
AVAYA IP OFFICE SIP TRUNK OVER TLS SRTP, SEND and LISTEN PORTS
Replies
1
Views
177
a.kasuri
a.kasuri
Rhinorhino
  • Locked
  • Question
Avaya start up tone 1
Replies
1
Views
68
Westi
Westi
Richard_Harrow
  • Locked
  • Question
A certificate expired on my secondary server and I'm unable to regenerate it.
Replies
3
Views
127
derfloh
derfloh
dsm600rr
  • Locked
  • Question
Remote J100's - New/Renew TLS Certificates 3
Replies
5
Views
127
dsm600rr
dsm600rr
ITgingaUK
  • Locked
  • Question
Best place to sell our Avaya system
Replies
2
Views
64
ipohead
ipohead

Part and Inventory Search

Sponsor

Back
Top