Avaya Support Forums

Avaya Support Forums (http://support.avaya.com/forums/index.php)
-   Avaya Networking Products (http://support.avaya.com/forums/forumdisplay.php?f=25)
-   -   Certificates on Ignition server (http://support.avaya.com/forums/showthread.php?t=5065)

bdholmes 09-03-2014 11:14 AM

Certificates on Ignition server
 
Our security dept renewed or Root and Signing CA certificates. When I try to load the new certificates into our Ignition server it says the name cannot match an existing certificate and refuses to load.

Don't I need the old and new since most of our objects were signed with the old. Or can I just delete the old and load the new?

Many of our objects were not signed with the new certificates yet.

Or will the ignition server only look at the name on the certificate for trust? None of the other information on the certificate matters? date, serial # etc..

Trying to understand how this is going to work.

bdholmes 09-03-2014 05:04 PM

This is actually broken in v9.0.1. One cannot load two certificates with the same name, even if the public key is different. I will have to try and get a bug fix from Avaya for this as our public certificate is expiring soon, so we simply renewed it with the same name.

The problem is the Ignition server will only allow us to load the old or the new and not both. So if I load the new, all old clients become untrusted...and if I load the old, any client signed by the new will be untrusted.

In a pickle here.

rshaynes 10-03-2014 09:51 AM

Duplicate Certificate Import Concern
 
Brian,

Thank you for reporting this issue via the forums. We would appreciate that if you believe you have identified potential product related issues that you raise a services support request with Avaya Support Services @ https://support.avaya.com.

In the interim I will review your findings and discuss with our development teams regarding this issue.


All times are GMT -7. The time now is 08:54 PM.