×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

System Manager 6.3 Root Cert Renew

System Manager 6.3 Root Cert Renew

System Manager 6.3 Root Cert Renew

(OP)
I have a SMGR 6.3 with expiring ROOT certs, trying to find the easiest way to update this.

Looking through the various support documents. I see the only way to update the SMGR 6.3 root cert is by creating a new RootCA cert "tmdefaultca" assigning all the profiles to it correctly and then running a script from cli and finally a reboot of jboss. After this I would need to download the new root ca and install it on the devices that may need it, CM, LSPs, SBCs, AES, AACC etc.. Does this sound about right?

update:
Or should I use the createCA.bin script, seems like an easier option as it does everything for me, then I just need to place the new cert on any device that needs it?




RE: System Manager 6.3 Root Cert Renew

6.3.what?

RE: System Manager 6.3 Root Cert Renew

(OP)
ah yes, 6.3.20.

RE: System Manager 6.3 Root Cert Renew

(OP)
I had a chance to test this in my lab. I spun up a smgr 6.3.20 and sm 6.3.20 and tested

I used the createCA.bin process which is outlined in an avaya support article I found.

Quote:

There is a utility which is included in release SMGR 6.3.9 onwards called createCA.bin which allows you
to create a root CA quickly and easily in a 1 step process. However, you are limited to only being able to
provide a Common Name (CN) value for the new root CA.
If this is ok, then please refer to the Administering System Manager guide for details on how to run the
createCA.bin script and ignore the following steps.
However, if you want to have more control over the values of your new root CA such as providing more
information in the subject DN than just the CN or configuring the Signing Algorithm, etc then please follow
the steps below to manually create your new root CA.

After doing this I only had to re-init SM to replicate properly and download the new root cert.

Link to Support Document

RE: System Manager 6.3 Root Cert Renew

That's what I was going to say. Jest for fun, check if the CA cert is 2048 now. It was 1024 originally, and that was still OK for most things like iPhones for a while but eventually even if the server cert was 2048 bit, the requirement is that the CA be 2048 also. That createCA.bin in 7.x on will change it to 2048.

RE: System Manager 6.3 Root Cert Renew

Think I used CertificateRenewalUtility_v2.bin in the past on 6.3 off Avaya Site, only the Adobe Flash player to worry about now.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close