×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

HTTPS on Utility Server

HTTPS on Utility Server

HTTPS on Utility Server

(OP)
I requested my vendor to upgrade my J169 phone to upgrade to latest SIP firmware using my Utility Server 7.1.3. I requested to test HTTPS (which is ON by default) but did not work at all. Vendor enabled the http sh script via cli, after that it started working. I have read that 96xx models has limitations to work on HTTPS which Avaya said working as designed. But it seems even the latest phone models??? Any comments?

RE: HTTPS on Utility Server

Do you have certificates in place to support HTTPS? You may need to do an HTTP connection first to get the certificate into the phone before it can use HTTPS.

RE: HTTPS on Utility Server

is there a way on the 242 option to set groups for phones and also get certificates prior to using the AADS or utility server?

RE: HTTPS on Utility Server

(OP)
@gwebster - thank you for the reply. Yes, I have a root CA, but I'm not so sure if it can be of help. HTTP is not a secure port and it can't be open because our security team will put this as a risk. If I will configure HTTP IP address on the phone, it will definitely continue to use port 80 all the way till it upgrade itself, so it doesn't make any sense.

I think what you are trying to say, is I will upgrade it first by using HTTP port, when it grabs the Root CA, then on the next firmware upgrade I will use HTTPS. But next question is, if the phone reboots will it still retain the Root CA? I can see some loop holes on this.

@cal3500 not sure of AADS, never use it before as Utility server. I cannot set group its because it is mandatory to use HTTPS.

RE: HTTPS on Utility Server

The CA certs are non-volatile and survive a reboot. You can use a dedicated HTTP server for initial provisioning then put the phone into production and use HTTPS. We routinely do this for 802.1x configurations where the phone must first get an identity cert using SCEP before it can be let onto the network.

RE: HTTPS on Utility Server

(OP)
The CA certs are non-volatile and survive a reboot. You can use a dedicated HTTP server --- was a bit lost on this.

Are you saying that once the IP Phone picked up the Root CA by using HTTP port, regardless how many times the phone reboots, the Root CA will still be there?

RE: HTTPS on Utility Server

Yes, that is exactly what he is saying. You have to either reset the phone to default or perform a special reload of the settings file to wipe the certs from the set once it has them.

RE: HTTPS on Utility Server

@Wanebo, yes the CA certs remain on the phone unless you do a clear. A reboot of the phone will not delete the certificate files.

RE: HTTPS on Utility Server

(OP)
What if i completely unplug the phone (no power at all) - then after 5 mins, plug it again, Still there? I'm sorry, i just want to make this clear. I don't have much time to test and my project manager is just rediculous.

RE: HTTPS on Utility Server

Yes. They will still be there. We used to load phones in the office on a mass basis for projects, unplug them and put them in boxes with all the required parts and instructions, stack them up and send them out to at home users up to a year later and they still had the certs.

Like has been said, you have to either clear the set (and per Avaya engineers I have spoken to that doesn't always work) or you have to use a specially formatted TRUTCERTS section of the 46xxsettings.txt file to clear them.

RE: HTTPS on Utility Server

hey Wanebo...

You mean SET TRUSTCERTS "" is what you need to do to clear them if CLEAR doesn't work?

RE: HTTPS on Utility Server

That is correct Kyle.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close