Product Support Notice
© 2014 Avaya Inc. All Rights Reserved.

PSN #: PSN003393u
Original publication date: 10-Aug-11. This is Issue #02, published date: 7-Oct-14.
Severity/risk level: High
Urgency: Immediately
Name of problem: Cannot install a certificate on Avaya Aura Messaging 6.x.
Products affected: Avaya Aura Messaging: Releases 6.0.1 and 6.1

Problem description

The error "invalid certificate" is returned when trying to install an openssl certificate for AAM.

Resolution

How to install a certificate on AAM 6.x

Customers want to install their own vendor-signed certificates on their AAM systems to eliminate the error they receive while logging in to the SMI (web interface). These certificates are signed by a certificate authority and are built for a particular system name (fully qualified domain name). Below are the instructions to install a certificate on an AAM 6.x server.

The customer must generate a CSR (Certificate Signing Request) to send to their certificate authority (e.g. Entrust, VeriSign).

1. Log in to the system via the SMI (web screens). Then select Server (Maintenance).

2. Then select Security>Certificate Signing Request.

3. Once you have generated the CSR, you must send the certificate output from the CSR page to the certificate authority (CA). Below you will see the CSR name that you have just generated. Select the CSR (check the check box) and then select Display.

   Once you display the CSR, you must copy and paste a portion of the CSR data into Notepad, where you can save the data. This Notepad document can then be sent to the CA by the customer.

   Below is the output of this CSR. Note that you must copy the highlighted section below (Begin Certificate Request to End Certificate Request).

4. The certificate authority (CA) vendor (e.g. Entrust, VeriSign) will send back to the customer a certificate file. The certificate file will end with a .pem or .crt extension. This is the certificate that will be used for Avaya Aura Messaging voicemail. Installing this certificate will eliminate the error seen by customers when they log in to AAM via the SMI or web screens.

5. The certificates are chained certificates. To install a chained certificate you must install the CA Root certificate. Some certificate authorities, such as VeriSign, will require you to install an Intermediate certificate. Once you load the Root certificate and the Intermediate certificate (if required), you can install the messaging certificate.

6. The Root certificate has to be downloaded by the customer and is the first certificate that must be installed on the Aura Messaging system. Below are the links for the Root certificates for VeriSign and Entrust.

   NOTE: Larger customers may have a contract with the vendor and therefore have direct access to the Root and Intermediate certificates. The customer follows the directions on how to download the Root certificate. If an Intermediate certificate is required, the vendor's web site will direct the customer on how to obtain the Intermediate certificate.

   a. VeriSign: http://www.verisign.com/repository/roots/root-certificates/pca-3g2.pem. Copy the certificate information that is displayed into a file called PCA-3G2.pem.

   b. Entrust: https://www.entrust.net/downloads/root_request.cfm. The customer must enter their name and email address, then select Entrust root CA; the Server/Host type would be Apache (OpenSSL).

6. Once the customer has all of the certificates (Root, Intermediate, messaging), they can download them to the system. They must first copy these certificates to the /var/home/ftp/pub directory. To copy these certificates to the /var/home/ftp/pub directory, log in to the SMI and select Server Maintenance>Miscellaneous>Download files.

   NOTE: The customer needs to have the certificates copied to the PC that will be used to log in to the SMI. Then select Browse and navigate to the certificate file location on the customer PC.

7. Once the certificates are copied to the /var/home/ftp/pub directory, they must be installed via the SMI. To install the certificates, log in to the SMI and then choose Server Maintenance.

   Then select Security>Trusted Certificates. You must first install the certificate authority's Root certificate. To do this:

   a. Go to the Trusted Certificates page, and click Add. A secondary Add screen will display.

   b. At this Add screen, enter the file name of the certificate that was saved to the /var/home/ftp/pub directory on the server. The file name must have either a .pem or a .crt extension. If the certificate file extension is .der, you must convert the file to .pem. To do this, issue the following command:

          openssl x509 -inform der -in certificate.der -out certificate.pem

      You can run this command at the command line of the customer PC.

   c. After you have added the file name of the certificate, select Open so the system can validate the certificate found in the /var/home/ftp/pub directory. After a successful validation, the Trusted Certificates Add page displays the issued-to, issued-by, and expiration date information for the certificate you are adding.

      Note: An error message is displayed if the certificate is not a valid certificate. See the troubleshooting section below.

   d. Enter a name for the certificate (use the certificate file name). You will see several repositories that you can add the certificate to. They are: C = CM related, such as SIP PKI; W = Web server; M = Messaging.

   e. Since we are adding the Root certificate for an AAM certificate, select W and then click Add. The system verifies the following:

      - The certificate name has a .pem or .crt extension. If the certificate name has a different extension, the system deletes it and replaces it with a .crt extension.
      - The certificate name is unique and does not already exist.
      - The certificate is not a duplicate certificate with a new name.

   f. The system will return with a success and the Root certificate for the certificate authority will display in the Trusted Certificates web screen. See an example below.

   NOTE: Once the Root certificate is installed, if you need to install an Intermediate certificate, use the same directions (see above). In the example below, we added the VeriSign Root certificate (PCA3G5.crt) and the VeriSign Intermediate certificate (VG5_2048.crt) to the Trusted Certificates. Once these certificates are installed, we can install the messaging certificate.

8. The messaging certificate will be installed in Security>Server/Application Certificates.

   Note: The messaging certificate file must be in the /var/home/ftp/pub directory and it must have a .pem or .crt extension.

   a. Select Web Server certificate, then press the Add button.

   b. The Add screen will request the file name of the certificate. Enter the AAM messaging certificate file name and the password, if there is one associated with the AAM messaging certificate, then select Open.

   c. The system verifies the following:

      - The certificate name has a .pem or .crt extension. If the certificate name has a different extension, the system deletes it and replaces it with a .crt extension.
      - The certificate name is unique and does not already exist.
      - The certificate is not a duplicate certificate with a new name.

9. Once the AAM messaging certificate is installed, you can verify the installation of the certificate by going back to the Server/Application screen. There you will see the AAM certificate.

10. You must now restart Messaging from the Messaging SMI so the certificates are recognized.

Troubleshooting tips

If the certificate fails to load or you receive the error "could not get local issuer", then:

a. The certificate is not in the correct format. Have the customer regenerate the CSR for the AAM certificate. Ensure they are using the correct FQDN for the AAM.

b. If the CA is VeriSign, make sure they have the CA Root certificate and the Intermediate certificate. They must have both installed before the AAM certificate can be installed.

c. Make sure the file name extension that has been used to install is either .pem or .crt. If the file has a .txt extension, change it to .pem or .crt.

Workaround or alternative remediation

Remarks

Patch Notes

The information in this section concerns the patch, if any, recommended in the Resolution above.

Backup before applying the patch
Download
Patch install instructions
Service-interrupting? Yes
Verification
Failure
Patch uninstall instructions

Security Notes

The information in this section concerns the security risk, if any, represented by the topic of this PSN.

Security risks
Avaya Security Vulnerability Classification: Not Susceptible
Mitigation

If you require further information or assistance please contact your Authorized Service Provider, or visit support.avaya.com. There you can access more product information, chat with an Agent, or open an online Service Request. Support is provided per your warranty or service contract terms unless otherwise specified in the Avaya support Terms of Use.

Disclaimer: ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED "AS IS". AVAYA INC., ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS "AVAYA"), DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS' SYSTEMS. IN NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, INCLUDING DIRECT, INDIRECT, CONSEQUENTIAL DAMAGES, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER EXISTING AGREEMENTS WITH AVAYA.

All trademarks identified by ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.
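
The checks behind step 7b and the troubleshooting tips can be run on the customer PC before the files are copied to /var/home/ftp/pub. The script below is an added example, not part of Avaya's notice or tooling; the function names, the file names and the host name aam.example.com are assumptions.

```sh
#!/bin/sh
# Pre-upload checks for certificate files, run on the PC before copying them
# to /var/home/ftp/pub. Function and file names are assumptions for this example.

# has_ok_ext FILE: the file name must end in .pem or .crt.
has_ok_ext() {
    case "$1" in *.pem|*.crt) return 0 ;; *) return 1 ;; esac
}

# to_pem FILE: print the name of a PEM version of FILE, converting a
# DER-encoded file with the openssl command given in step 7b.
to_pem() {
    src=$1
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$src"; then
        echo "$src"
    else
        dst="${src%.*}.pem"
        openssl x509 -inform der -in "$src" -out "$dst" || return 1
        echo "$dst"
    fi
}

# check_chain ROOT SERVER [INTERMEDIATE]: succeeds only if SERVER chains to
# ROOT. A missing intermediate fails with "unable to get local issuer certificate".
check_chain() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2"
    else
        openssl verify -CAfile "$1" "$2"
    fi
}

# host_matches CERT FQDN: the certificate must be issued for the server's FQDN.
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# preflight ROOT SERVER FQDN [INTERMEDIATE]: run every check, stop at the first failure.
preflight() {
    server=$(to_pem "$2") || { echo "FAIL: $2 is neither PEM nor DER"; return 1; }
    has_ok_ext "$server" || { echo "FAIL: rename $server to .pem or .crt"; return 1; }
    host_matches "$server" "$3" || { echo "FAIL: certificate is not for $3"; return 1; }
    check_chain "$1" "$server" "${4:-}" || { echo "FAIL: chain incomplete"; return 1; }
    echo "OK: $server is ready to upload"
}

# Usage: sh preflight.sh root.pem aam.crt aam.example.com [intermediate.pem]
if [ "$#" -ge 3 ]; then preflight "$@"; fi
```

A chain failure here corresponds to troubleshooting tip b (Root or Intermediate missing); a host name failure corresponds to tip a (CSR generated for the wrong FQDN).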