Avaya Utility Server - IP Phone Certificate(s)

[thargi]

CM/SMGR/ASM/Utility Server 7.1

Two questions:
What specific certificate(s) should be used/generated for IP phones – 96xx, Vantage, H175, etc?
And, how are certificates (certs) supposed to be uploaded to Avaya Utility Server (AUS)?

I have a couple of certs that were generated from System Manager (SMGR). I attempted to upload them via the Upload Signed (CSR) Certificate and Upload Root Certificate links. However, when I did, it “broke” Utility Server – I was no longer able to get back into AUS. Avaya had to fix it. Avaya had the following to say about its fix:

[Avaya] found that the certificates are broken which eventually broke the connection with the http. If the certificate chain is broken for some reason, then Apache will not start and so it is tricky to see what is going on. However, there is a backup of the standard certificate stored on Utility Services. The active certificate chain is always Utility_Server.pem as stored in /etc/pki/tls. But the backup certificate is in the same directory and called MV_IPTel.pem. So, log on as root, copy the backup cert to Utility_Server.pem, and then restart Apache.

The problem with this is that customers do not have root access. Not a big deal; I can always have Avaya fix it under maintenance.

However, it is a big deal that I cannot upload a cert without breaking AUS.

I did try the Upload Files link, but that did nothing. I could not even find where the files went after being uploaded.

Any help would be appreciated.

[mlombardi1]

The "Upload CSR" and "Upload root cert" options are for changing the default certificate on the US itself used for HTTPS connections.

To upload a root certificate to be served to IP phones, use the "Upload custom phone file" option which places it into the /var/www/html/ directory.

The generic "Upload files" option places files into /tmp.

I agree that lacking root privilege on this product is a problem.

[thargi]

Quote:

Originally Posted by mlombardi1

The "Upload CSR" and "Upload root cert" options are for changing the default certificate on the US itself used for HTTPS connections.

To upload a root certificate to be served to IP phones, use the "Upload custom phone file" option which places it into the /var/www/html/ directory.

The generic "Upload files" option places files into /tmp.

I agree that lacking root privilege on this product is a problem.

Thank you for the response. I will give that a shot. I guess I thought that IP Phone Custom File Upload was just for .tar files (firmware files).

I wonder if I can ssh to the Utility Server via WinSCP and just move the files into that directory.

[thargi]

Quote:

Originally Posted by thargi

Originally Posted by mlombardi1
The "Upload CSR" and "Upload root cert" options are for changing the default certificate on the US itself used for HTTPS connections.

To upload a root certificate to be served to IP phones, use the "Upload custom phone file" option which places it into the /var/www/html/ directory.

The generic "Upload files" option places files into /tmp.

I agree that lacking root privilege on this product is a problem.

Thank you for the response. I will give that a shot. I guess I thought that IP Phone Custom File Upload was just for .tar files (firmware files).

I wonder if I can ssh to the Utility Server via WinSCP and just move the files into that directory.

Well, that worked. And, I can also move the files via SSH.
Thanks again.