Written By: |
Gary Tefft |
|---|---|
|
Manufacturer: |
Avaya |
|
Product: |
SMGR |
|
Version: |
R8.1 |
|
Patch Information: |
|
|
Ticket Number(s): |
Description:
SMGR 8.1 : SMGR default root certificate expiring soon and unable to renew via web page
Related Articles:
Problem Clarification:
When attempting to renew SMGR or ASM certs via web page, the end date does not renew for 2 years
Cause:
SMGR Root CA is expired or expiring soon. This is procedure for renewing SMGR default Root CA.
Solution:
Refer to the below System Manager Administration document for 8.1.x
https://download.avaya.com/css/public/documents/101058238
Procedure starts on pg. 1207 (full instructions are in System Manager Administration document)
Overview of System Manager root certificate authority created using SHA256withRSA signing algorithm and 2048 key size
System Manager that is upgraded from releases earlier than Release 7.0, contains root Certificate Authority (CA) that has a key size of 1024 bits and uses the SHA1withRSA algorithm for signing own certificates.
You can use the createCA utility to improve the level of security of the System Manager CA by updating the key size to 2048 bits and the algorithm to SHA256withRSA.
Before running the utility, note the following:
- You must not use the createCA utility of one release on another release.
- If you upgrade System Manager after running the createCA utility, you do not need to run this utility again on the upgraded System Manager as the CA is carry forwarded as part of the upgrade process.
-
You can use the utility in the following conditions:
-
When the System Manager root CA has been compromised.
Or, when you want to upgrade the signing algorithm and key size of the System Manager root CA.
Tip: When you run the utility, the system displays a message along with the signing algorithm information that is used to create the existing root CA. If the signing algorithm is SHA256withRSA, then you do not need to run this utility.
Starting from System Manager Release 7.0, the createCA utility can be run in a phased manner with the help of different options provided with the utility. The utility has the following options:
Option 1: Allows you to create a new root CA using SHA256withRSA signing algorithm and 2048 key size.
Option 2: Allows you to make the new root CA the default CA of System Manager.
Option 3: Allows you to run a single step process where the system creates a new root CA using SHA256withRSA signing algorithm and 2048 key size and makes that CA the default System Manager CA.
Manufacturer Release notes:
Disclaimer: intlx Solutions Knowledge Base
The information contained in this knowledge base ("Content") is provided for informational purposes only and is intended to be a general resource. intlx Solutions does not guarantee the accuracy, completeness, or timeliness of the Content.
Use at Your Own Risk: By accessing and using the Content, you agree that you do so at your own risk. intlx Solutions assumes no responsibility for any errors or omissions in the Content, nor for any damages or losses you may suffer arising out of or related to the use of the Content.
Current Customers: If you are a current intlx Solutions customer and have questions or require further clarification on any information presented here, please do not hesitate to contact our support team directly. They are available to assist you and ensure you have the most up-to-date information specific to your needs.
Not a Customer? If you are not currently an intlx Solutions customer but are interested in learning more about our solutions and how we can help your business, please click here. We look forward to the opportunity to discuss your needs and explore how a partnership with intlx Solutions can benefit you.
Thank you for your understanding.
This article contains data that is aimed at helping fix an issue with a product. Please use this information at your own risk as intlx Solutions is not responsible for actions taken by the steps or procedures shown in these articles.