INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

security certificate will expire in xxx days

security certificate will expire in xxx days

(OP)
I have researched this and have fixed the certificate warning but when it tells you the system will be unresponsive for 5 minutes is this only for administrating the system only? or does it affect the end users being able to make calls etc... I have only done this remote so I have had zero complaints but want to be positive as I need to address our hospital customers, thanks in advance.

RE: security certificate will expire in xxx days

The system still functions, but I did notice dialtone was a bit delayed when I tried it on my lab system as it burns a lot of CPU time to generate the new certificate. I do that work during a scheduled maintenance window for a hospital or other 24x7 operation, or after hours for other customers.

RE: security certificate will expire in xxx days

(OP)
Thanks for the update, most appreciated. Will schedule for after hours or best possible time in this case.

RE: security certificate will expire in xxx days

I had it twice a few days ago, in both cases the message was "expiring in 179 days", I unchecked "secure communications" under manager preferences

RE: security certificate will expire in xxx days

(OP)
@hibroth and that worked as well?

RE: security certificate will expire in xxx days

Yes @yoe2938, no strange behaviours, both IP500 no SE

RE: security certificate will expire in xxx days

Yes turning off secure communications will also remove the warning because you are no longer getting the certificate so manager can't see the certificate will expire. I have had a lot of calls about this recently it seems everyone got it at once so my guess is everyone's ends the same day (last day of the year). Simple to re-generate the certificate but some people want the easy button so turning off secure communications is the easy button.

The truth is just an excuse for lack of imagination.

RE: security certificate will expire in xxx days

This warning has been reported by many partners, globally.



RE: security certificate will expire in xxx days

I've been seeing this myself all over the place with customers of varying software releases, some with Server Edition and others are just 500v2's. I've seen two methods to remedy this, both came from Avaya. In one place, it was regenerate the cert, which I did on a brand new, out of the box system I started programming the other day. It had a mix of digital and analog expansion modules patched into the 500v2, and I lost the connection via SSA for maybe a minute or less. When the connection came back, I noticed I had a list of link alarms for the 6 expansions, but no indication of a reboot.

The other one I've seen is delete the cert and I guess it will generate a new one. I've not gone this route.

Anyone have suggestions on which would method be the better?

RE: security certificate will expire in xxx days

(OP)
I just regenerated the certificate and it worked great!

RE: security certificate will expire in xxx days

I got an information why this warning comes up for so many systems at the same time.

Every fresh installed IP500 that is started the first time and is not able to get the correct time and date from a time server will set its time to 2010/01/01 00:00 and creates a self signed certificate that is valid for seven years. So all those certificates will have the same end date set to 2017/12/31 23:59

That's why we get all those warnings now.

You should regenerate the certificate in any case because not only the manager login users that certificate but also 1XP and other services as well as SCN and phones that connect via TLS.

The recommendation is to create a valid cert through an AppServer or Server Edition Server or from another CA.

If such a certificate is not needed I would recommend to recreate the IPO cert during initial setup as soon as the box has a valid time set.

RE: security certificate will expire in xxx days

But if you don't use TLS apps or TLS SCN connections the certificate is not necessary, IPO500 first setup does not require any

RE: security certificate will expire in xxx days

Its easy enough to have the IP Office generate a new self-signed certificate if that is the one you are using. Log into security settings and under System | Certificates click Regenerate, click OK and then click the save icon (the new certificate generation doesn't actually start when you click the Regenerate button). All over in a few minutes.

Stuck in a never ending cycle of file copying.

RE: security certificate will expire in xxx days

(OP)
I just had a customer reach out to us that has an IP Office 500v2 but it does not give him the option to regenerate, so I told him to delete it and reboot and IP Office will then regenerate the certificate.

RE: security certificate will expire in xxx days

2
Delete is enough. When you save the security settings it will generate a new one.

RE: security certificate will expire in xxx days

(OP)
Thanks good to know as rebooting at a hospital is not an option

RE: security certificate will expire in xxx days

Great thread.

The rain in Spain falls mainly on the northern mountains.

RE: security certificate will expire in xxx days

(OP)
just as an fyi, unticking secure communications does get rid of the error message however then manager will take a good minute for the config to open so you may not want to go that route

RE: security certificate will expire in xxx days

Yes. Unchecking secure communication causes it to take a long time to load a config. I wouldn't opt for that option.

RE: security certificate will expire in xxx days

thanks IamaSherpa
have some pink for the link to Avaya's site.

Joe W.

FHandw, ACSS (SME)


"This is the end of the world, make sure to buy your T-shirt before it is too late"
Original expression of my daughter

RE: security certificate will expire in xxx days

[quote]
joe2938 (Programmer)
(OP)
13 Jul 17 12:34
Thanks good to know as rebooting at a hospital is not an option
[\quote]
A hospital should not run on an IPOfice as it is not redundant but only resilliant (bad and slow also)


BAZINGA!

I'm not insane, my mother had me tested!

RE: security certificate will expire in xxx days

(OP)
well we never made the decision to install this at a hospital, we took over this account from another vendor

RE: security certificate will expire in xxx days

Still good to talk to the customer about the limitations and exceptions smile

BAZINGA!

I'm not insane, my mother had me tested!

RE: security certificate will expire in xxx days

(OP)
We have already

RE: security certificate will expire in xxx days

I'm seeing on a 500 that is an expansion in a Server Edition solution, Regenerate is not available, only Delete. I've done it to a couple so far with success. I didn't notice any disruption of service in terms of a disconnect from SSA like I did last week when I regenerated the cert for a new 500 during prep.

With all of these, after I saved from security settings, I went back in and viewed the certificate and now it's set to expire in 2024.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close