If the certificate renewal or enrollment fails, the phone screen displays one of the following messages:
You can obtain error details in the corresponding debug logs of the phone with the CERTMGMT category. The following are the examples of common errors and solutions to fix:
Error |
Possible cause and solution |
Incorrect password |
Ensure the passwords in the 46xxsettings.txt file and SMGR are the same. |
401 unauthorized response received |
The Common Name (CN) or Distinguished Name (DN) of the current renewal request does not match the existing certificate. Refer to section Managing certificate CN and DN for renewal. |
403 response received during initial SCEP or certificate re-issuance |
Entity Class in SMGR has expired. Extend the validity of entity class in SMGR. |
404 response received during certificate re-issuance |
SMGR is not upgraded to 8.1.3 successfully. |
TLS handshake error |
The phone trust CA list does not contain the SMGR root cert. |
For further troubleshooting, you can refer to Avaya Aura® System Manager logs through CLI access and view the following files:
/var/log/Avaya/jboss/log/ejbca.log
/var/log/Avaya/jboss/log/server.log
/var/log/Avaya/mgmt/tm/tmAuditLog.log
/var/log/Avaya/mgmt/tm/tmTraceLog.log
