SES: Sip Enablement Services Alarm; SES,S,94,MAJ

Avaya uses industry-standard digital Public Key Infrastructure (PKI) security certificates in many of its products to provide authentication and data encryption for communication links within its user solutions. As an industry-standard security measure, PKI certificates expire after a period of time.

On July 23, 2011, the certificates in certain releases of Avaya Aura™ Communication Manager, Avaya Aura™ SIP Enablement Services, Avaya Aura™ Conferencing, IP Softphone, IP Agent, Avaya one-X® Desktop, SIP Phone, and earlier versions of Avaya Aura™ Communication Manager Branch Edition (Distributed Office), expired. Certain critical functions within these products (see 'Impact of Expired Certificates' below) possibly experienced service outages if the PKI certificates were not updated prior to their expiration date.

The product releases listed in this bulletin are affected if their SIP connectivity to other applications uses Transport Layer Security (TLS) for encryption. No other SIP-capable products in Avaya's portfolio are impacted by the PKI certificates that expired on July 23.

Be advised that, due to the durability of many SIP connections (e.g. Communication Manager to SIP Enablement Services, Communication Manager to Modular Messaging or Voice Portal, etc.), it is very possible that some systems with expired certificates have not yet exhibited issues. The PKI certificate is only needed when a SIP connection needs to be re-established after being dropped deliberately or inadvertently. All SIP-enabled products at the release levels indicated below that use TLS for secure SIP communication, must receive an updated certificate. If nothing has been done to date, action should be taken immediately.

e.g. stat

Watchdog        9/ 9 UP
TraceLogger     3/ 3 UP
SME             7/ 7 UP
INADSAlarmAgen  1/ 1 UP
GMM             4/ 4 UP
SNMPManager     1/ 1 UP
ImLogger        3/ 3 UP
SipServer       2/44 PARTIALLY UP
CCSTrapAgent    1/ 1 UP
mon             1/ 1 UP