Howto:Setup new push.innovaphone.com certificate: Difference between revisions

From innovaphone wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{FIXME|reason=Draft, not finished yet!}}
==Applies To==
==Applies To==
This information applies to
This information applies to
Line 8: Line 6:


===Problem Details===
===Problem Details===
On 01.09.2025 we will change the used certificate in the Push infrastructure. Today we use <code>*.innovaphone.com</code> which will expire every year, and you have to update it every year. This is used in the PBX trust list to establish an encrypted connection between your PBX and the innovaphone push service. To simplify this in the future, we will change the certificate once again to a certificate which is signed by our <code>innovaphone Device Certification Authority 2</code>.
On 01.09.2025 we will change the certificate used in our push infrastructure. Currently, we use <code>*.innovaphone.com</code> which expires annually and requires updating. This certificate is used in the PBX trust list to establish an encrypted connection between your PBX and the innovaphone push service. To simplify this process in the future, we will replace the certificate with one signed by our <code>innovaphone Device Certification Authority 2</code>.


To ensure that Push will work for your customers after 01.09.2025, verify that the CA certificate <code>innovaphone Device Certification Authority 2</code> or the single certificate <code>push.innovaphone.com</code> is in the trust list of the respective PBXes.
To ensure that push will continues to work for your customers after 01.09.2025, please verify that either the CA-Certificate <code>innovaphone Device Certification Authority 2</code> or the single certificate <code>push.innovaphone.com</code> is present in the trust list of the relevant PBXes.
This certificate is only relevant for gateways on which Push is running.  
This certificate is only relevant on PBXes with a Push Object.  
During the transition period up to and including 02.09.2025, both <code>*.innovaphone.com</code> one of the above named certificates are required.
During the transition period up to and including 02.09.2025, both <code>*.innovaphone.com</code> and one of the above named certificates are required in the trustlist.


For this, make sure that your setup is compatible to the [[Reference15r1:Concept App Service Devices#Certificates configuration|Devices - certificate trustlist concept]]. Then the certificate will be installed automatically.
===Resolution===
'''No action required''', if <code>innovaphone Device Certification Authority 2</code> is included in the trust list. This is the default configuration of all new devices (gateways and IPVAs). So unless you removed it, nothing has to be changed.


===Resolution===
In general use the [[Reference15r1:Concept App Service Devices#Certificates configuration|Devices - certificate trustlist concept]] to install all required certificates automatically and keep your trust list up to date.
Use the [[Reference15r1:Concept App Service Devices#Certificates configuration|Devices - certificate trustlist concept]] and the certificate will be installed automatically.


==== manually ====
==== manually ====
If you cannot do this and want to do it manually, you can use one of these ways:
If you cannot do this and want to do it manually, you can use one of these ways:


1. The certificate can be added manually on the PBX. It can be downloaded [https://download.innovaphone.com/certificates/push.innovaphone.com.pem here] and then be uploaded on the PBX under [[Reference15r1:General/Certificates|General/Certificates/Trust list]].  
1. The certificate can be added manually on the PBX. It can be downloaded [https://download.innovaphone.com/certificates/innovaphone.pem here] and then be uploaded on the PBX under [[Reference15r1:General/Certificates|General/Certificates/Trust list]].  


2. The new certificate can be added via commands (which can be sent using an update server or the [[Reference15r1:Concept_App_Service_Devices#Expert configuration| Expert configuration]] in ''Devices''). This needs a reboot of the device.  
2. The new certificate can be added via commands (which can be sent using an update server or the [[Reference15r1:Concept App Service Devices#Expert configuration| Expert configuration]] in ''Devices''). This needs a reboot of the device.  
Save the new certificate in the trust list:
Save the new certificate in the trust list:
  !vars create X509/TRUSTED pba 6239515b5008c67cbcd66f07a539f4107dc48348e69a0382aabe640a5a2b62b5b63079bcb9a826819bb71518c8cd9d5e365f6a1059d6b6854781e61239108fb0eacacba6166843ed1973e0b268c3b5ba44b8efcd243032999af9a7f8cd375915b854ceca843a340f60be747a66200abb9eddbfd5ba204a1e1dabbc6fceb61e05243e4f191e7ff20bcc6cb29852f568437eeeb51d7657da1f9b245441a72dd42b4e8e80f916154b009c564ba3b79c9e20f40bef8cd84317bd0a9ceccd3ce312ec5fd350f9d366dd5f6f09119669383efbf580cdca3f7524da153984cec62f14e372d8324256302b7e567c0ca051d4c30023ee5bbd241ddfd6e75711a6018d12d7
  !vars create X509/TRUSTED pba 6239515b5008c67cbcd66f07a539f4107dc48348e69a0382aabe640a5a2b62b5b63079bcb9a826819bb71518c8cd9d5e365f6a1059d6b6854781e61239108fb0eacacba6166843ed1973e0b268c3b5ba44b8efcd243032999af9a7f8cd375915b854ceca843a340f60be747a66200abb9eddbfd5ba204a1e1dabbc6fceb61e05243e4f191e7ff20bcc6cb29852f568437eeeb51d7657da1f9b245441a72dd42b4e8e80f916154b009c564ba3b79c9e20f40bef8cd84317bd0a9ceccd3ce312ec5fd350f9d366dd5f6f09119669383efbf580cdca3f7524da153984cec62f14e372d8324256302b7e567c0ca051d4c30023ee5bbd241ddfd6e75711a6018d12d7


[[Category:Howto|{{PAGENAME}}]]
[[Category:Howto|{{PAGENAME}}]]

Latest revision as of 10:19, 12 August 2025

Applies To

This information applies to

  • All innovaphone PBXs from V12 which use the Push service

More Information

Problem Details

On 01.09.2025 we will change the certificate used in our push infrastructure. Currently, we use *.innovaphone.com which expires annually and requires updating. This certificate is used in the PBX trust list to establish an encrypted connection between your PBX and the innovaphone push service. To simplify this process in the future, we will replace the certificate with one signed by our innovaphone Device Certification Authority 2.

To ensure that push will continues to work for your customers after 01.09.2025, please verify that either the CA-Certificate innovaphone Device Certification Authority 2 or the single certificate push.innovaphone.com is present in the trust list of the relevant PBXes. This certificate is only relevant on PBXes with a Push Object. During the transition period up to and including 02.09.2025, both *.innovaphone.com and one of the above named certificates are required in the trustlist.

Resolution

No action required, if innovaphone Device Certification Authority 2 is included in the trust list. This is the default configuration of all new devices (gateways and IPVAs). So unless you removed it, nothing has to be changed.

In general use the Devices - certificate trustlist concept to install all required certificates automatically and keep your trust list up to date.

manually

If you cannot do this and want to do it manually, you can use one of these ways:

1. The certificate can be added manually on the PBX. It can be downloaded here and then be uploaded on the PBX under General/Certificates/Trust list.

2. The new certificate can be added via commands (which can be sent using an update server or the Expert configuration in Devices). This needs a reboot of the device. Save the new certificate in the trust list: 

!vars create X509/TRUSTED pba 6239515b5008c67cbcd66f07a539f4107dc48348e69a0382aabe640a5a2b62b5b63079bcb9a826819bb71518c8cd9d5e365f6a1059d6b6854781e61239108fb0eacacba6166843ed1973e0b268c3b5ba44b8efcd243032999af9a7f8cd375915b854ceca843a340f60be747a66200abb9eddbfd5ba204a1e1dabbc6fceb61e05243e4f191e7ff20bcc6cb29852f568437eeeb51d7657da1f9b245441a72dd42b4e8e80f916154b009c564ba3b79c9e20f40bef8cd84317bd0a9ceccd3ce312ec5fd350f9d366dd5f6f09119669383efbf580cdca3f7524da153984cec62f14e372d8324256302b7e567c0ca051d4c30023ee5bbd241ddfd6e75711a6018d12d7
Retrieved from "https://wiki.innovaphone.com/index.php?title=Howto:Setup_new_push.innovaphone.com_certificate&oldid=77507"