Avaya IPOSE - Renewing a Public Certificate

Avaya IPOSE - Renewing a Public Certificate

CommsPlus DistributionA picture containing text, clipartDescription automatically generated


Avaya IPOSE - Renewing a Public Certificate



In this document, we are using the website ZeroSSL to provide our public certificate 


Other public certificate providers are available and the renewal of the certificate on those sites are outside the scope of this document


In the below screen we can see an example of an SSL Certificate expiring soon



Browse to the Avaya IPOSE (example)

https://avayalab.cpddc.com.au:411/46xxsettings.txt


View the Certificate (using Chrome)

The General tab will display the Identity Certificate

A screenshot of a certificateDescription automatically generated



Select Details tab.

Export the Identity Certificate

Then select each of the other certificates in the chain and export these certificates.

A screenshot of a certificate viewerDescription automatically generated


Browse to the current WebRootCA.pem of the Avaya (example below)

https://avayalab.cpddc.com.au:411/WebRootCA.pem


Save this as OriginalWebRootCA.cer


You should now have four certificates downloaded (you can rename the files to a .cer extension, so you can open them in Windows to check them.


In IPO Manager, access Security SettingsSelect System, Certificates

Select Add the certificates to the Trusted Storeimport from file

Once all certificates have been added. Save the Security Settings configuration.

A screenshot of a computer errorDescription automatically generated


In ZeroSSL select Renew

A screenshot of a computerDescription automatically generated


Keep the Domains the same.

A screenshot of a certificateDescription automatically generated


Select Validity

A screenshot of a certificateDescription automatically generated



Select or set the CSR (in our example we can use the Auto Generate CSR

This must match the previous certificate).

A screenshot of a certificateDescription automatically generated


Finalize Your Order




Select the method to verify the domain (example DNS CNAME record)

Follow the steps and then verify the domain.

A screenshot of a computerDescription automatically generated


Example of record been created as required in DNS hosting platform.




Select Verify Domain.

A screenshot of a computerDescription automatically generated



Download the new certificate.

A screenshot of a computer errorDescription automatically generated


Extract the downloaded file, you will have 3 files.

A screenshot of a computerDescription automatically generated



In Avaya Manager, access the security settings of the IPO.

Select System, Certificates, Identity Certificate.

Select View to see the current expiration date.

A screenshot of a certificateDescription automatically generated



Select Set, Paste from Clipboard, OK.



Open the file in the folder name certificate.crt with notepad.

Copy and paste the information into the Certificate tab.

A screenshot of a computerDescription automatically generated





Open the file in the folder named private.key with notepad.

Copy and paste the information into the Private key tab.

A screenshot of a computerDescription automatically generated



Select OK.

Select OK (bottom right).

Select File, Save Security Settings.

Select File, Close he Security Settings.


Select File, Open Security Settings

Login and check the Identity Certificate has renewed and has a new expiration date.

A screenshot of a certificateDescription automatically generated






Browse to the Avaya IPOSE (example).

https://avayalab.cpddc.com.au:411/46xxsettings.txt


View the Certificate (using Chrome).

The General tab will display the Identity Certificate.

A screenshot of a certificateDescription automatically generated



Select Details tab.

Export the Identity Certificate

Then select each of the other certificates in the chain and export these certificates.

A screenshot of a certificate viewerDescription automatically generated



In IPO Manager, Security Settings, General, Certificates.

In the Trusted Store Certificates select Add, Import Certificate from file.



Select the certificates in the chain and upload each one (in our example we have two).



If these are already in the Trusted Store (which they should be if it’s a renew).

Then the following message will be displayed.

A close-up of a white backgroundDescription automatically generated

Select OK (bottom right).

Select Save Security Settings.







Browse to the WebRootCA.pem of the Avaya (example below)

https://avayalab.cpddc.com.au:411/WebRootCA.pem


Download the file and rename to NewWebRootCA.cer

Open the certificate and compare to the OriginalWebRootCA.cer that you download earlier.

Confirm that they match.

A screenshot of a certificateDescription automatically generated


Reboot a JSeries handset and confirm it registers and logs in ok as the Extension.


If there is an issue the JSeries phone and/or Workplace will fail to register and display “Acquiring Service” on the screen.


The common issues of Acquiring Service on the screen are.

1. The original public certificate was not renewed correctly.

Check and confirm the same CSR details applied to the original public certificate were used to create the new public certificate.

2. A WebRootCA.pem file was uploaded manually into the Primary (and Backup folder) of the IPO. Access the File Management (via Web Manager) or use Embedded File Management (via Manager). Check the Primary and Backup folders, if you find a file named WebRootCA.pem, it is recommended to download these files and then delete them from the folders. Add the downloaded WebRootCA.pem file to the Trusted Certificate Store via IPO Manager Security Settings.

Once the file has been deleted from the Primary folder and uploaded to the Trusted Certificate Store, reboot a JSeries handset and confirm it registers and logs in ok as the Extension. (or close a Workplace App (logout) and close. Then reopen and confirm it registers and logs in ok as the Extension.