
System Manager 6.3 Root Cert Renew

Status
Not open for further replies.
Nov 22, 2013
600
US
I have a SMGR 6.3 with expiring ROOT certs, trying to find the easiest way to update this.

Looking through the various support documents, I see the only way to update the SMGR 6.3 root cert is by creating a new RootCA cert "tmdefaultca", assigning all the profiles to it correctly, and then running a script from the CLI and finally a reboot of JBoss. After this I would need to download the new root CA and install it on the devices that may need it: CM, LSPs, SBCs, AES, AACC, etc. Does this sound about right?

Update:
Or should I use the createCA.bin script? It seems like an easier option as it does everything for me, then I just need to place the new cert on any device that needs it?




 
I had a chance to test this in my lab. I spun up an SMGR 6.3.20 and SM 6.3.20 and tested.

I used the createCA.bin process which is outlined in an Avaya support article I found.

There is a utility which is included in release SMGR 6.3.9 onwards called createCA.bin which allows you
to create a root CA quickly and easily in a 1 step process. However, you are limited to only being able to
provide a Common Name (CN) value for the new root CA.
If this is ok, then please refer to the Administering System Manager guide for details on how to run the
createCA.bin script and ignore the following steps.
However, if you want to have more control over the values of your new root CA such as providing more
information in the subject DN than just the CN or configuring the Signing Algorithm, etc then please follow
the steps below to manually create your new root CA.

After doing this I only had to re-init SM to replicate properly and download the new root cert.

Link to Support Document

 
That's what I was going to say. Just for fun, check if the CA cert is 2048 now. It was 1024 originally, and that was still OK for most things like iPhones for a while, but eventually, even if the server cert was 2048 bit, the requirement is that the CA be 2048 also. That createCA.bin in 7.x on will change it to 2048.
 
Think I used CertificateRenewalUtility_v2.bin in the past on 6.3 off Avaya Site, only the Adobe Flash player to worry about now.
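
The key-size check suggested in the thread, combined with the expiry check that prompted it, as an added example that is not part of the original posts or of Avaya's tooling. It runs against the root CA PEM file downloaded after regeneration and uses only standard `openssl x509` options; the function names `check_root_ca` and `make_sample_ca` and the 2048-bit / 90-day defaults are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh check_ca.sh new_root_ca.pem
# check_root_ca PEM_FILE [MIN_BITS] [WARN_DAYS]
# Prints one line per finding; returns 0 = OK, 1 = findings, 2 = unreadable input.
# MIN_BITS is meant for RSA keys; an EC root would need a different threshold.
check_root_ca() {
    cert=$1; min_bits=${2:-2048}; warn_days=${3:-90}
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "ERROR: $cert is not a readable PEM certificate"
        return 2
    fi
    # "Public-Key: (2048 bit)" on OpenSSL 3, "RSA Public-Key: (2048 bit)" on 1.1.1
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    not_after=$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)
    rc=0
    echo "INFO: subject=$subject bits=$bits notAfter=$not_after"
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "WEAK_KEY: ${bits:-unknown}-bit key, below ${min_bits}-bit minimum"; rc=1
    fi
    # A root CA is self-signed: subject and issuer must match.
    if [ "$subject" != "$issuer" ]; then
        echo "NOT_SELF_SIGNED: issuer is $issuer, so this is not a root CA"; rc=1
    fi
    # -checkend exits non-zero if the cert expires within the given seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null; then
        echo "EXPIRING: notAfter is within $warn_days days"; rc=1
    fi
    return $rc
}

# Constructed sample input for trying the check: a throwaway self-signed CA.
# make_sample_ca OUT_PEM BITS DAYS
make_sample_ca() {
    openssl req -x509 -newkey "rsa:$2" -nodes -keyout "$1.key" -out "$1" \
        -days "$3" -subj "/CN=sample-root-ca" >/dev/null 2>&1
    rm -f "$1.key"
}

if [ $# -gt 0 ]; then check_root_ca "$@"; fi
```

Run the same check on each device's copy of the root (CM, SBC, AES and so on) to confirm they all carry the regenerated certificate and not the old one.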
 