9611: 9611 desk phone gives certificate expire warning - Certificate expires at 1969-12-31:T23:59:59.

Doc ID		SOLN312796
Version:		2.0
Status:		Published
Published date:		14 Dec 2017
Created Date:		21 Jul 2017

Author:

Levente Szabo

Details

9611G
hw rev: D02B and D02C
fw: H.323 6.4.014 and 6.6.2.29

Problem Clarification

User has 2 networks:
1.) used for provisioning the phone, from here phone supposedly downloads the EAP-TLS certificate it will use on the production network for 802.1x authentication
2.) production network with 802.1x authentication enabled

When the phone comes online on network #1 it displays a certificate warning:
Certificate Warning: Certificate ... expires at 1969-12-31:T23:59:59.
This is obviously false as the certificate is valid till Y2043. Otherwise all works fine, 802.1x authentication is successful and phone works OK.

Cause

Since the certificate was created with notAfter date set to year 2043, the problem seems to be related to the Y2038 known problem tied to 32 bit Linux – refer to https://en.wikipedia.org/wiki/Year_2038_problem and http://openssl.6102.n7.nabble.com/Year-2038-and-CA-certificate-td15936.html

Solution

Certificate warning: currently there is only a workaround available, change needed in the 46xxsettings.txt file:
SET CERT_WARNING_DAYS 0
(0 means no certificate expiration warning will be generated. )

The next GA firmware patch (possibly it will be available only in 2018) shall contain the fix:
H32396X1-14262

Additional Relevant Phrases

Getting certificate error even though regenerated certificate and modified 46xx settings file

Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy