Avaya Support Forums  

  #1  
02-03-2015, 11:53 AM
mbong
Renewing VPN Phone Certificate SCEP - MYCERTRENEW 9611G and 9630G

Hello,

We have VPN phones working well, configured for user authentication along with a device certificate downloaded to the phone upon programming. The certificate is obtained using the Simple Certificate Enrollment Process (SCEP) from an MS Certificate Authority server.

We have this setup configured with 4621SW, 9630G (3.10S fw) and 9611G (6.3037 fw) phones. We currently reprogram phones with a new device certificate when one expires. However, there seems to be a way to automatically renew the certificate on 96x0 and 96x1 phones as evidenced by this parameter found in the settings.txt file:

## MYCERTRENEW specifies the percentage of the identity certificate's
## Validity interval after which renewal procedures will be initiated.
## Valid values are 1 through 99; the default value is 90.
## This parameter is supported by:
## 96x1 H.323 R6.0 and later
## 96x1 SIP R6.0 and later
## 96x0 H.323 R3.1 and later
## 96x0 SIP R1.0 and later
## SET MYCERTRENEW 90

I have opened tickets with Avaya and have not been able to receive much information on this. Based on firmware change-logs for these set types, it is supposed to work, but there doesn't seem to be any documentation specifically regarding the exact way this works.


Has anyone gotten this to work and/or can shed light on the following questions I have?

- When the phone initiates the renewal procedure, can the requests be seen on the MS certificate server? If so, where can we see this?
- How often does the phone initiate the procedure before it is successful and/or does it stop after a certain point of failure?
  #2  
06-01-2015, 04:13 AM
agronw

Hi, I am interested in an answer as well... regards, andre
  #3  
06-01-2015, 02:42 PM
fwilkepcs

I recently used that option with a customer who uses certificates and SIP for EAP-TLS RADIUS authentication. It is documented that MYCERTRENEW defines the percentage of the certificate lifetime after which the phone will try to request a new certificate, after 90% of the certificate lifetime. I set it to 1 to try, and we could see that new certificates are generated every seven days in my example.

You should be able to see newly generated certificates or declined certificate requests.
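
Added example, not part of the thread and not Avaya code: a sketch that reads the active MYCERTRENEW value from settings.txt-style text and computes when renewal should begin for a given certificate validity interval, so the expected time can be compared with request timestamps on the CA. It assumes the percentage is measured linearly from the certificate's notBefore to notAfter and that the last uncommented SET line wins; the function names and sample dates are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

DEFAULT_MYCERTRENEW = 90  # default stated in the settings.txt comment block


def read_mycertrenew(settings_text):
    """Return the active MYCERTRENEW value from settings.txt content.

    Lines starting with '##' are comments, so a commented-out SET line
    leaves the default in force. Last active SET wins (assumption).
    """
    value = DEFAULT_MYCERTRENEW
    for line in settings_text.splitlines():
        line = line.strip()
        if line.startswith("##"):
            continue
        m = re.fullmatch(r"SET\s+MYCERTRENEW\s+(\S+)", line)
        if m:
            raw = m.group(1)
            if not raw.isdigit() or not 1 <= int(raw) <= 99:
                raise ValueError(f"MYCERTRENEW must be 1 through 99, got {raw!r}")
            value = int(raw)
    return value


def renewal_start(not_before, not_after, percent):
    """Time at which `percent` of the validity interval has elapsed."""
    if not_after <= not_before:
        raise ValueError("notAfter must be later than notBefore")
    return not_before + (not_after - not_before) * percent / 100


def renewal_status(not_before, not_after, percent, now):
    """Classify a certificate relative to its renewal threshold."""
    if now >= not_after:
        return "expired"
    if now >= renewal_start(not_before, not_after, percent):
        return "renewal-due"
    return "valid"


if __name__ == "__main__":
    # Constructed sample: the SET line is commented out, a two-year certificate.
    pct = read_mycertrenew("## SET MYCERTRENEW 90\n")
    issued = datetime(2015, 1, 1, tzinfo=timezone.utc)
    expires = issued + timedelta(days=730)
    print(pct, renewal_start(issued, expires, pct).isoformat())
```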

Tags: 9611g, 9630g, mycertrenew, scep, vpn

All times are GMT -7.