AVAYA DOCUMENTATION CENTER
Find answers to your technical questions and learn how to use our products
No results found
Search suggestions:
- Use fewer tags and filters.
- Use different search terms.
Filters
AVAYA DOCUMENTATION CENTER
Find answers to your technical questions and learn how to use our products
No results found
Search suggestions:
- Use fewer tags and filters.
- Use different search terms.
Filters
IP Office Security Guidelines
Server Edition Primary/Application Server Initial Certificate Settings
Last Updated : Jul 24, 2024 |
During the ignition process of a Linux-based IP Office server as a primary or application server, you can chose to let the server generate self-signed certificates or import a set of certificates from a third-party CA.
If you chose to use the IP Office self-signed certificates, the IP Office generates the following root and indenity certificates.
Default IP Office CA Root Certificate
Certificate Field |
Contents |
Notes |
|---|---|---|
Version |
|
X.509 V3 format. |
Serial Number |
Large random number |
A unique serial number of up to 20 bytes. |
Signature Algorithm |
|
– |
Issuer |
|
Where
The correct hostname was not set during ignition, use the following and then regenerate the certificate.
|
Subject |
See above. |
The same as the Issuer. |
Issued By |
|
Where |
Issued To |
|
Where |
Valid From |
|
Matches the server ignition UTC date and time minus 24- hours.
|
Valid To |
Approximately 10-years from the Valid From date and time. |
– |
Subject Alternative Name(s) |
|
Where |
Enhanced Key Usage |
|
– |
Basic Constraints |
|
Marked as critical. Indicate that you can use the certificate to sign identity or intermediate CA certificates. |
Key Usage |
|
Marked as non-critical. Indicates the functions for which you can use the IP Office CA certificate. |
Subject Key Identifier |
|
This value is placed in the Authority Key Identifier certificates signed using this certificate. |
Subject Key Identifier |
Signature data |
– |
Public Key Algorithm |
RSA |
– |
Public Key |
2048 bits |
– |
Identity Certificate
If you chose to have the IP Office create its own root CA certificate during ignition, the IP Office also creates an identity certificate for itself.
Certificate Field |
Contents |
Notes |
|---|---|---|
Version |
|
X.509 V3 format. |
Serial Number |
Large random number |
Same as the root certificate Serial Number above plus 1. |
Signature Algorithm |
|
– |
Issuer |
|
Where
The correct hostname was not set during ignition, use the following and then regenerate the certificate.
|
Subject |
See above. |
The same as the Issuer. |
Issued By |
|
Where |
Issued To |
|
Where |
Valid From |
|
Typically two or three minutes after the Valid Fromtime of the root certificate above. |
Valid To |
Approximately 2-years from the Valid From date and time. |
– |
Subject Alternative Name(s) |
|
Where Multiple IP address are included based on the addresses of the server ports configured during ignition and whether you also configured IPv6 addresses. |
Key Usage |
|
Marked non-critical. Indicates the functions for which you can use the IP Office CA certificate. |
Basic Constraints |
|
Marked critical. Indicate that you can use the certificate to sign identity or intermediate CA certificates. |
Enhanced Key Usage |
|
– |
Subject Key Identifier |
|
This value is placed in the Authority Key Identifier certificates signed using this certificate. |
Subject Key Identifier |
Signature data |
– |
Public Key Algorithm |
RSA |
– |
Public Key |
2048-bits |
– |
Note 1:
Identity certificate regeneration is done automatically if the IP Office Web Manager setting Platform View > Settings > General > Certificates > Renew automatically is active (default).
The correct LAN 1 and LAN 2 address should be set during ignition. If not, the identity certificate must be regenerated.
Related information