Avaya IP500v2 – Regenerate Avaya Self Signed Identity Certificate
Access the Security Settings of the IP500v2 using Manager.
In Manager select File, Advanced, Security Settings.
Login with the Administrator credentials.
Select System, Certificates.
Select View on the Identity Certificate to see the expiration date of the certificate.
Select Details, Subject Alternative Name.
You can see the existing SAN details.
If these are already programmed in the configuration then they will be shown here.
Make a note of these.
Select OK to close the Certificate.
Warning (PLEASE READ)
The Avaya Self Signed Identity Certificate is also the Root Certificate on an IP500v2.
The Root Certificate is used by J100 SIP phones and Workplace Applications to register to the system via TLS.
When the Identity Certificate is regenerated, the certificate that is created is a new certificate, even if the details (SAN) are the same in the new certificate as the old certificate.
This means that once regenerated, the IP500v2 has a new Root Certificate, so the J100 SIP phones and devices running Workplace will stop working, as they still have the old certificate.
The J100 SIP phones only download the certificate once, on initial configuration. Once a new Avaya Self Signed certificate has been regenerated, the J100 SIP phones will need to be reset to default and connected to the IP500v2 again to download the new certificate.
Any device running the Workplace Application will need the new certificate installed on the device for the Workplace Application to register again.
PLEASE NOTE IF USING A PUBLIC CERTIFICATE AS THE IP500V2 IDENTITY CERTIFICATE
(NOT THE AVAYA SELF SIGNED CERTIFICATE)
IF THE NEW PUBLIC CERTIFICATE WAS A RENEWAL OF THE ORIGINAL (OLD) PUBLIC CERTIFICATE, THEN THE J100 SIP PHONES AND WORKPLACE WILL CONTINUE TO WORK. THERE IS NO REQUIREMENT TO RESET THE J100 SIP PHONES (AS IT IS A PUBLIC CERTIFICATE, THERE IS NO NEED TO UPLOAD A CERTIFICATE TO ANY DEVICE USING THE WORKPLACE APPLICATION).
Regenerating the Avaya Self Signed Certificate
Select Regenerate on the Identity Certificate.
Set the Default Subject Name as something that will reference the system.
In the Subject Alternative Name, confirm the details are correct.
Example (include DNS entries for any domain, FQDN and IP address, both public and internal; include IP entries for both public and internal IP addresses; include a URI:SIP entry for any domain or FQDN names):
DNS:cawood.xyz,DNS:ipo.cawood.xyz,DNS:159.196.49.246,DNS:192.168.86.200,IP:192.168.86.200,IP:192.168.43.1,IP:159.196.49.246,URI:SIP:ipo.cawood.xyz,URI:SIP:cawood.xyz
Select OK.
The Issued To will change to N/A.
Select OK (bottom right).
Select File, Save Security Settings.
Select File, Close Security Settings.
Select File, Open Security Settings.
Select the IP500v2 and login with the Administrator credentials.
(Note: the IP500v2 can sometimes take a few minutes to become accessible again during the certificate regeneration process.)
Select System, Certificates.
Select View on the new Identity Certificate.
Confirm the new expiration date of the certificate.
Check the Subject Alternative Name to confirm the details are correct.
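The final check can be scripted by comparing the SAN string noted before regeneration with the one shown on the new certificate, and testing the new string against the DNS, IP and URI:SIP guidance above. This is an added example, not part of the original procedure or an Avaya tool; the function names are hypothetical, it assumes both SAN values are typed in the comma-separated form shown above, and REGENERATED is a constructed value.

```python
import ipaddress

def parse_san(san):
    """Split a Manager-style SAN string into a set of (type, value) pairs."""
    entries = set()
    for item in san.split(","):
        item = item.strip()
        if not item:
            continue
        kind, sep, value = item.partition(":")
        if not sep or not value:
            raise ValueError(f"malformed SAN entry: {item!r}")
        entries.add((kind.upper(), value.strip()))
    return entries

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_san(noted, regenerated):
    """Return a sorted list of findings; empty means the new SAN passes."""
    old, new = parse_san(noted), parse_san(regenerated)
    findings = [f"missing after regeneration: {k}:{v}" for k, v in old - new]
    findings += [f"not in noted SAN: {k}:{v}" for k, v in new - old]
    dns = {v for k, v in new if k == "DNS"}
    sip = {v.split(":", 1)[1].lower() for k, v in new
           if k == "URI" and v.upper().startswith("SIP:")}
    for name in dns:  # every domain/FQDN needs a URI:SIP entry
        if not is_ip(name) and name.lower() not in sip:
            findings.append(f"no URI:SIP entry for {name}")
    for k, v in new:  # every IP entry needs a matching DNS entry
        if k == "IP" and v not in dns:
            findings.append(f"no DNS entry for IP {v}")
    return sorted(findings)

# SAN string from the example above, used as the value noted before regeneration.
NOTED = ("DNS:cawood.xyz,DNS:ipo.cawood.xyz,DNS:159.196.49.246,"
         "DNS:192.168.86.200,IP:192.168.86.200,IP:192.168.43.1,"
         "IP:159.196.49.246,URI:SIP:ipo.cawood.xyz,URI:SIP:cawood.xyz")
# Constructed value: the same string with the URI:SIP:cawood.xyz entry left out.
REGENERATED = NOTED.replace(",URI:SIP:cawood.xyz", "")

if __name__ == "__main__":
    for finding in check_san(NOTED, REGENERATED):
        print(finding)
```

Run against the example string alone, the check reports that 192.168.43.1 has an IP entry but no matching DNS entry.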