Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Two queries

Status
Not open for further replies.

msk69

MIS
May 29, 2020
335
PK
Hi can somebody help in below.

1- I know the steps to create simple certificates (P12 and PEM) from SMGR. I am not a expert in certificate stuff. Can some body help how to increase the certificate Validity??? What is the default validity of these certificate.

2- How can i check, Through ASA command, the serial number of any Peripheral card installed in the gateway and as well as how can i check the serial number of IP and SIP phones registered with CM and SM using the ASA command.
 
I’m no help to you on item 1.

If it’s an h.248 gw you can putty into it and there are documented commands that will show you details about the mm’s. For G650 cp’s I’m not sure. List config will show you the board info along with version. When you say serial number of phones, do you mean Mac addresses ?
 
Why would you increase the certificate Validity? I think in new systems it’s 2 years. You can change it in SMGR if you want. But for example IOS 13 and above won’t accept certs with a validity of more than 2 years.

Freelance Certified Avaya Aura Engineer

 
Thank friends for the help. Serial no mean the the 8 to 12 digit serial no at the back of Tel sets.
 
I would not increase the validity. This will create downstream problems, such as IOS devices. However to answer your question, you can change the validity length in System Manager --> Services --> Security --> Certificates --> Certificate Authorities --> Highlight tmedefaultca, (Active) --> Select "edit CA"... In there is the validity configuration, which is 3650 days by default. This is for the CA Root certificate (10 years) for default.

For the alias certificates the default is 2 years.
This can be changed from "certificate profile" and editing the ID_CLIENT_SERVER option, in there you will see the defauly validity set at 730 days. Which can be changed. But with caution since anything over 2 years will not work with IoS devices, and probably more in the future will not accept anything over 2 years.



 
Thanks Pal for the help. Can you please elaborate "This will create downstream problems, such as IOS devices"??? sorry if i am asking a basic question?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top