Avaya Knowledge - IP Office: SSL Certificates not Propagating to all ... https://support.avaya.com/ext/index?page=content&id=SOLN287937...

IP Office: SSL Certificates not Propagating to all Web Servers

Doc ID SOLN287937
Version: 30.0
Status: Published
Published date: 11 Jul 2022
Created Date: 22 Apr 2016
Author: Danny Lollo

Details
IP 500v2
IP Office Server Edition 9.1.x or higher
Linux Application Server 9.1.x or higher

Problem Clarification
1) Loaded new Certificate onto the Server, but none of the web services are using the new certificate. System has been rebooted, Certificate confirmed working on another System,
just will not load on all web services on this system. Issue affects Application Server, and IP Office Server Edition.

2) Server Edition is not using imported certificate for identity.Uploaded the customer provided cert (wildcard certificate, so it should be valid for any device with a particular domain)
following these instructions in solution part of: https://support.avaya.com/ext/index?page=content&id=SOLN276160 (https://support.avaya.com/ext/i ndex?page=content&id=SOLN276160)
Also rebooted the whole server. It seems that the new cert is being used if connect to https://<FQDN>, however all other ssl connections, like https://<FQDN>:7070 or 9443, 7071,
etc. are presenting the old self signed cert and therefore the browser is showing an error.

3) Server edition 11.1 3rd party certificate loaded to the server, but only Web Manager service is showing not secure, new certificate is not working.

Cause
File ".auto" missing.

Solution
There is a file with the name ".auto" in the /opt/Avaya/certs folder that tells the system to auto propagate the certificate to all web services when loaded. In this case that file was
missing.

Create the file in that folder, it is a blank 0 byte file, it just needs to see the name in the folder.

To Create file from ssh, log in as root.

1. Type > touch .auto

2. A 0 byte file call ".auto" will be created in the folder allowing the system to propagate the certificate to all the web servers on the IPOSE / App Server.

***Note*** All Web Services including One-X will restart

Additional Relevant Phrases

When we import the 3rd party certs we still receive the original self-signed certificate Avaya Communicator for Web Upload certificate on the app server SSL Certificate
is different on one port SOLN287937 Total outage and did recover - conflicto con acceso al ipo por web y certificados sin operacion situacion critica Issues with 3rd
party Certificate Invalid Signed Security Certificate from a Certified Certificate Authority in 7070 Third Party cert not assigning to web apps after import from Web
Manager on App Server Primary and secondary server using ipoffice-default certificate on web manager and platform after loading new certificate Unable to access
IPO Web Portal :7071 .auto missing /opt/Avaya/certs wildcard certificate loaded is not active opening Server Edition ports 7070/7071/9443 Not secure error with port
7070/7071/9443 Third Party Certificate renewed IX cert not working

Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy

1 of 1 2024-01-16, 12:43 PM