General IAUG Discussion Forum

  • 1.  SHA2 Implementation on Avaya J-Series Phones

    Posted 06-28-2021 12:45 AM
    Hi,

    We are trying to implement a SHA2 cert using our internal CA in our J-Series Phones. Does anyone know if there is a white paper / application notes on this model? I can only see one for the 9600 phone model.

    We got SHA1 to work but SHA2 is failing. The error we get is "SCEP installation failed" even though the phones are plugged into a non-secure switch port.

    ------------------------------
    Jesryll Jimenez
    Telecommunications Engineer
    Standard Chartered Bank
    Singapore
    ------------------------------


  • 2.  RE: SHA2 Implementation on Avaya J-Series Phones

    Posted 07-03-2021 03:55 PM
    Hello Jesryll,
    Is your SHA2 certificate signed by the same authority as your SHA1 certificate?  If not, have you provided your phones with the root and possibly the intermediate issuing authority trust certificates?

    Are your J-phones using H.323 and registering to PROCR, or SIP firmware registering to Session Manager?

    Do CM or SM trust the issuing CA of the SHA2 certificate?


    ------------------------------
    Tom Lynn
    Forum Moderator
    Principal Engineer
    Nordstrom, Inc.
    Seattle
    ------------------------------



  • 3.  RE: SHA2 Implementation on Avaya J-Series Phones

    Posted 07-04-2021 10:13 PM

    Hi Tom,

    My environment is full SIP end to end. The SHA2 certificate server has a brand new certificate path, so I'm starting from scratch again. Just to give you a background on what we have:

    NAC port is enabled in our environment. So we tried plugging the phone into a non-NAC port first to download the root and intermediate CA before moving it to a NAC-enabled port. We configure the file server where to pick up the 46xx settings, where all certificates are stored, and the SCEP setting parameters. Since we are doing this for the first time, we copy the settings of SCEP parameters in the 46xx settings. We can see that the CSR file is getting signed, but it's prompting "unable to install".

    If my understanding is correct, the phone will have a key file and a CSR file generated and loaded to its memory. SHA2 certs require a p12/pfx with a username and password. If this is correct, then I think I'm missing a step, but I don't know where to start. The 46xx settings seem to have no info about it.



    ------------------------------
    Jesryll Jimenez
    Telecommunications Engineer
    Standard Chartered Bank
    Singapore
    ------------------------------