Unified Communications

 View Only

  • 1.  J Series Phones and SCEP Certificate Management

    Posted 10-31-2019 12:17 PM
    I'm looking to collaborate with any IAUG members that have successfully implemented SCEP servers for J-Series Phone Certificate Enrollment.

    If you've done this, or are working on this, please get in touch.

    Thank you,


    ------------------------------
    Tom Lynn
    Principal Engineer
    Nordstrom, Inc.
    Seattle
    ------------------------------


  • 2.  RE: J Series Phones and SCEP Certificate Management

    Posted 11-13-2019 03:32 PM
    Wait, if I want to use J-series phones, I need a separate server to manage certificates for them?
    Original Message


  • 3.  RE: J Series Phones and SCEP Certificate Management

    Posted 11-13-2019 09:36 PM
    Not necessarily.  The  process described is supposed to help automate mass deployment of said phones, allowing us to auto enroll the certificate on a hard-wire connection, allowing the phone to transition to the wireless network thereafter.


    ------------------------------
    Tom Lynn
    Principal Engineer
    Nordstrom, Inc.
    Seattle
    ------------------------------

    Original Message


  • 4.  RE: J Series Phones and SCEP Certificate Management

    Posted 11-13-2019 03:56 PM
    I too would be curious what you hear back on this, as J-Series is on our roadmap as the SIP Rollout of new VoIP Phones.


    ------------------------------
    James Davis
    Voice and Data Senior Engineer
    University of Nebraska Medical Center
    Omaha NE
    ------------------------------

    Original Message


  • 5.  RE: J Series Phones and SCEP Certificate Management

    Posted 01-17-2020 05:06 PM
    Edited by Adam Schuyler 01-18-2020 08:04 AM
    Tom,

    We started looking at this, but unfortunately it keeps getting back burnered to other priorities. I really like the direction Avaya is heading with SCEP and automated certificate renewal though... Our main challenge was that we didn't have an Enterprise SCEP server in production and we were likely looking at using our internal CA/PKI for WiFI similar to the Windows Desktops. It seems like most MDM solutions have SCEP embedded in the product acting as an intermediate CA. Maybe in future releases we'll see that built into AADS or SMGR? Wishful thinking?

    Best Regards,

    Adam

    ------------------------------
    Adam Schuyler
    Telecom Engineer
    Science Applications International Corporation
    Orlando FL
    ------------------------------

    Original Message


  • 6.  RE: J Series Phones and SCEP Certificate Management

    Posted 01-18-2020 08:14 AM
    Chip, also to add clarity, the hardwired J-Series phones don't require a SCEP server, they can use the 46xxsettings file just like your other H.323 and SIP 96xx series phones. I think adding a SCEP server only adds value if you are looking to issue individual identity certificates to the J-Series endpoints at large scale to leverage secure WiFi or mutual authentication. Tom correct me if you have a different perspective...

    ------------------------------
    Adam Schuyler
    Principal Telecom Engineer
    Science Applications International Corporation
    Orlando FL
    ------------------------------

    Original Message


  • 7.  RE: J Series Phones and SCEP Certificate Management

    Posted 01-19-2020 09:08 AM
    Totally agree, Adam.  Individual certs enables revocation without widespread impacts. 




    Original Message


  • 8.  RE: J Series Phones and SCEP Certificate Management

    Posted 06-06-2023 03:30 PM

    Hello, SCEP works with 96xx phones as well. 

    Something to note when SCEP is installed, is that every now and again the MAC / Serial number of the phones disappears, so you will need to add this info back. If you factory reset a phone, then you will need to re-enter the MAC / Serial number again. 

    The biggest advantage that i can see with SCEP is that the License should autogenerate a new certificate, but right now I have phones that are complaining that there Cert is about to expire.

    Thanks



    ------------------------------
    Collingwood Twaddle
    Technical Advisor - National Capital Region, Voice
    Shared Services Canada (SSC)
    Ottawa
    ------------------------------

    Original Message


  • 9.  RE: J Series Phones and SCEP Certificate Management

    Posted 07-19-2023 12:57 AM

    HI Tom, 

                      I have set up SCEP for MTLS for are Environment across all Avaya Endpoints.  

      For the handsets follow this Video if you want to use SMGR as the Issuing server

    https://www.iaug.org/viewdocument/enabling-mutual-authentication-for -

    Just note use the below URL in the 46xxSettings.txt file to SMGR - This is where John had issues in the Video apart from that he is bang on the money  

    SET MYCERTURL http://x.x.x.x/ejbca/publicweb/apply/scep/pkiclient.exe
    if you want to use a Microsoft CA once you have a working SCEP server just use this URL in the settings file,

    SET MYCERTURL https://FQDN/certsrv/mscep/mscep.dll

    Hope this Helps
    Adrian,


    ------------------------------
    Adrian Baker
    IT
    Clayton UTZ
    SYDNEY
    ------------------------------

    Original Message


  • 10.  RE: J Series Phones and SCEP Certificate Management

    Posted 07-19-2023 09:01 AM

    Thank you for this.

     

    Colin Twaddle

     

     

    Technical Advisor - National Capital Region, Voice Managed Services (DND-East)

    Digital Service (DS) / Telecommunications

    Shared Services Canada / Government of Canada

    collingwood.twaddle@ssc-spc.gc.ca / Cel : 343-597-2907

     

    Conseiller technique - Région de la capitale nationale, Services gérés de la voix (MDN-est)

    Services numériques (SN) é Télécommunications

    Services partagés Canada / Gouvernment du Canada

    collingwood.twaddle@ssc-spc.gc.ca / Cel : 343-597-2907 

     


    Sig

     




    Original Message