Original Message:
Sent: 7/19/2023 1:57:00 AM
From: Adrian Baker
Subject: RE: J Series Phones and SCEP Certificate Management
HI Tom,
I have set up SCEP for MTLS for are Environment across all Avaya Endpoints.
For the handsets follow this Video if you want to use SMGR as the Issuing server
https://www.iaug.org/viewdocument/enabling-mutual-authentication-for -
Just note use the below URL in the 46xxSettings.txt file to SMGR - This is where John had issues in the Video apart from that he is bang on the money
SET MYCERTURL http://x.x.x.x/ejbca/publicweb/apply/scep/pkiclient.exe
if you want to use a Microsoft CA once you have a working SCEP server just use this URL in the settings file,
SET MYCERTURL https://FQDN/certsrv/mscep/mscep.dll
Hope this Helps
Adrian,
------------------------------
Adrian Baker
IT
Clayton UTZ
SYDNEY
------------------------------
Original Message:
Sent: 06-02-2023 01:43 PM
From: Collingwood Twaddle
Subject: J Series Phones and SCEP Certificate Management
Hello, SCEP works with 96xx phones as well.
Something to note when SCEP is installed, is that every now and again the MAC / Serial number of the phones disappears, so you will need to add this info back. If you factory reset a phone, then you will need to re-enter the MAC / Serial number again.
The biggest advantage that i can see with SCEP is that the License should autogenerate a new certificate, but right now I have phones that are complaining that there Cert is about to expire.
Thanks
------------------------------
Collingwood Twaddle
Technical Advisor - National Capital Region, Voice
Shared Services Canada (SSC)
Ottawa
Original Message:
Sent: 01-19-2020 09:07 AM
From: Tom Lynn
Subject: J Series Phones and SCEP Certificate Management
Totally agree, Adam. Individual certs enables revocation without widespread impacts.
Original Message------
Chip, also to add clarity, the hardwired J-Series phones don't require a SCEP server, they can use the 46xxsettings file just like your other H.323 and SIP 96xx series phones. I think adding a SCEP server only adds value if you are looking to issue individual identity certificates to the J-Series endpoints at large scale to leverage secure WiFi or mutual authentication. Tom correct me if you have a different perspective...
------------------------------
Adam Schuyler
Principal Telecom Engineer
Science Applications International Corporation
Orlando FL
------------------------------