Avaya IPOSE - Renewing a Public Certificate
Other public certificate providers are available and the renewal of the certificate on those sites are outside the scope of this document
In the below screen we can see an example of an SSL Certificate expiring soon
Browse to the Avaya IPOSE (example)
https://avayalab.cpddc.com.au:411/46xxsettings.txt
View the Certificate (using Chrome)
The General tab will display the Identity Certificate
Select Details tab.
Export the Identity Certificate
Then select each of the other certificates in the chain and export these certificates.
Browse to the current WebRootCA.pem of the Avaya (example below)
https://avayalab.cpddc.com.au:411/WebRootCA.pem
Save this as OriginalWebRootCA.cer
You should now have four certificates downloaded (you can rename the files to a .cer extension, so you can open them in Windows to check them.
In IPO Manager, access Security Settings, Select System, Certificates
Select Add the certificates to the Trusted Store, import from file.
Once all certificates have been added. Save the Security Settings configuration.
In ZeroSSL select Renew
Keep the Domains the same.
Select Validity
Select or set the CSR (in our example we can use the Auto Generate CSR
This must match the previous certificate).
Finalize Your Order
Select the method to verify the domain (example DNS CNAME record)
Follow the steps and then verify the domain.
Example of record been created as required in DNS hosting platform.
Select Verify Domain.
Download the new certificate.
Extract the downloaded file, you will have 3 files.
In Avaya Manager, access the security settings of the IPO.
Select System, Certificates, Identity Certificate.
Select View to see the current expiration date.
Select Set, Paste from Clipboard, OK.
Open the file in the folder name certificate.crt with notepad.
Copy and paste the information into the Certificate tab.
Open the file in the folder named private.key with notepad.
Copy and paste the information into the Private key tab.
Select OK.
Select OK (bottom right).
Select File, Save Security Settings.
Select File, Close he Security Settings.
Select File, Open Security Settings
Login and check the Identity Certificate has renewed and has a new expiration date.
Browse to the Avaya IPOSE (example).
https://avayalab.cpddc.com.au:411/46xxsettings.txt
View the Certificate (using Chrome).
The General tab will display the Identity Certificate.
Select Details tab.
Export the Identity Certificate
Then select each of the other certificates in the chain and export these certificates.
In IPO Manager, Security Settings, General, Certificates.
In the Trusted Store Certificates select Add, Import Certificate from file.
If these are already in the Trusted Store (which they should be if it’s a renew).
Then the following message will be displayed.
Select OK (bottom right).
Select Save Security Settings.
Browse to the WebRootCA.pem of the Avaya (example below)
https://avayalab.cpddc.com.au:411/WebRootCA.pem
Download the file and rename to NewWebRootCA.cer
Open the certificate and compare to the OriginalWebRootCA.cer that you download earlier.
Confirm that they match.
Reboot a JSeries handset and confirm it registers and logs in ok as the Extension.
If there is an issue the JSeries phone and/or Workplace will fail to register and display “Acquiring Service” on the screen.
The common issues of Acquiring Service on the screen are.
1. The original public certificate was not renewed correctly.
Check and confirm the same CSR details applied to the original public certificate were used to create the new public certificate.
2. A WebRootCA.pem file was uploaded manually into the Primary (and Backup folder) of the IPO. Access the File Management (via Web Manager) or use Embedded File Management (via Manager). Check the Primary and Backup folders, if you find a file named WebRootCA.pem, it is recommended to download these files and then delete them from the folders. Add the downloaded WebRootCA.pem file to the Trusted Certificate Store via IPO Manager Security Settings.
Once the file has been deleted from the Primary folder and uploaded to the Trusted Certificate Store, reboot a JSeries handset and confirm it registers and logs in ok as the Extension. (or close a Workplace App (logout) and close. Then reopen and confirm it registers and logs in ok as the Extension.