Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

the alarm: TLS cert is about to expire showed up on all our hosted avaya server today? 7

Status
Not open for further replies.

nothingworks101

Programmer
Aug 14, 2008
239
US
the alarm says:
TLS certificate is due to expire
Type: trusted store certificate
days remaining:60

did this happen to everyone?
I tried to renew certs on web page:)7071) and in security in manager, but it still shows up.

(they are all powered by Avaya hosted- r10, 10.1, 11)
 
it isn't just hosted, I made a mistake. I have started checking our other systems and see it on regular ip 500's also that are rel 10 or higher, but rel 9's don't have the issue?
 
Which certificate?

My IPO self-signed are valid until 2026.

"Trying is the first step to failure..." - Homer
 
cert_issue_vlvkvw.png
 
The IPO certificate (ipo1074695) will be created newly if you delete it. You should check if it is self signed or created by verisign by clicking 'view' in the upper area.

If it created by verisign, you should let them issue a new one.

IP Office remote service Fixed price SIP trunk configuration: CLI based cale blocking: SCN fallback over PSTN:
 
You need to create a new certificate through Platform View so it gets updated on all services.

"Trying is the first step to failure..." - Homer
 
I went to platform view, deleted the VeriSign cert, rebooted server and it same cert came right back with same date to expire?
 
Just had the same issue on my 2 server and expansion today. Realease 11.0.0.1
My colleague has the same on Ipo office release 11.0.4

Expires in 60 days...what’s going on.
 
We had the same thing happen a few years back where all the R9.1 and older systems were having expiring certificates on the same day. I know in that case it was because the system was expecting to connect a sntp server on first boot, which is rare, and if it didnt it would default to Jan 2010 and then create a 7 year certificate making it expire end of 2017. We got a lot of calls in January 2018 on this issue.

My guess is that something similar is happening here if a lot of people got 60 days remaining on the same day.

The truth is just an excuse for lack of imagination.
 
I've seen the same today, too. It's not possible to delete the certificate. You just only can ignore this warning. No certificates generated by this CA should be used anymore.

IP Office remote service Fixed price SIP trunk configuration: CLI based cale blocking: SCN fallback over PSTN:
 
Oh... Probably all phones with system phone rights will show the warning as well. So if necessary remove that rights.

IP Office remote service Fixed price SIP trunk configuration: CLI based cale blocking: SCN fallback over PSTN:
 
I went into platform view :7070 like janni78 mentioned and deleted the expiring cert and alarm went away for the server edition, to fix the ip 500 units I used port :8443
 
It's an Intermediate CA that expires Feb 7 2020.
Seems this is used if the IP Office is connected to Avaya Support.

A VeriSign intermediate certificate authority owned by Avaya.
Trusts the Avaya SSLVPN server and on-boarding files used for
the Avaya IP Office Support Services (IPOSS).
Required for IP Office registration and connection to IPOSS.


"Trying is the first step to failure..." - Homer
 
Deleting the certificate via WebManagement does indeed solve the issue - temporarily...
After the next system reboot the certificate reappears and so does the error message.
 
I guess Avaya will fix it in a later release, but it shouldn't affect anything if it expires.

"Trying is the first step to failure..." - Homer
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top