Howto:Update innovaphone.com Wildcard-Certificate in a Device Trustlist


Revision as of 16:20, 18 January 2021

Applies To

This information applies to

  • All innovaphone IP-Phones and -Gateways with V12r2, V13r1


More Information

Problem Details

The current *.innovaphone.com certificate expires on 11.02.2021. It is used in the PBX trust list to establish an encrypted connection between your PBX and the innovaphone push service. To ensure that Push keeps working for your customers after 11.02.2021, the new *.innovaphone.com certificate must be added to the trust list of the respective PBX. During the transition period up to and including 11.02.2021, both *.innovaphone.com certificates are required; after 11.02.2021 the old certificate can be deleted. This certificate is currently only relevant for gateways on which Push is running.

Additionally, every time an innovaphone device is restarted, the current *.innovaphone.com certificate generates an "x509: A certificate has expired or will expire soon" event.

Since we can update the Push service certificate only on 11.02.2021 (otherwise existing devices without an updated certificate will stop working), it is important to keep both certificates in the trust list of devices running a PBX with Push functionality until 11.02.2021.

Resolution

Here are three ways to replace the certificate on all innovaphone devices.

1. In the coming 13r1 SR 22 and 12r2 SR41 the certificate will be added automatically during the update. After 11.02.2021 the old certificate can be deleted manually. Also new in the upcoming 12r2 & 13r1 firmware is a mechanism that prevents certificate expiration events when a new certificate exists for the same CN. Finally, after a factory reset, devices with 13r1SR22 and 12R2SR41 firmware will have only the new *.innovaphone.com certificate.

2. The certificate can be added manually on the PBX. It can be downloaded here and then uploaded on the PBX under "General/Certificates/Trust list". After 11.02.2021, the old certificate can be deleted manually.

3. The new certificate can be added and the old certificate can be deleted via an update server. This needs a reboot of the device.

Save the new certificate in the trust list:

    !vars create X509/TRUSTED pba 308205c3308204aba003020102021100a597803636a18895e177a9e33f86c930300d06092a864886f70d01010b050030818f310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f726431183016060355040a130f5365637469676f204c696d69746564313730350603550403132e5365637469676f2052534120446f6d61696e2056616c69646174696f6e2053656375726520536572766572204341301e170d3231303131353030303030305a170d3232303231353233353935395a301c311a301806035504030c112a2e696e6e6f766170686f6e652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100dce92a4e6128064d6635492384df5b1f133ba15ac0b3273caecfaa189cb8a8512b715585e607e53167524986243a5bcb587ad7263412b2e2e747f91641b1b0bcb900d16de2ede8e47bb0a5ea7eb9667cdc6ca1b9165363c299f61e1189e3634a7fdadd38b2ec37ea2490d343caa11c32c007fcf2b64fff15991e6db3416f98ce9b050b44a7b848d7ae9cd1678cfcbccef7e5be62b8e11c9c7ad1857a4d966ed3998c3965916c780bb84ad57fdf8b975db2b6dc733b9212506e9d3fd66b24fec4bbc554db024063f6616e49589c81564ce0ceacb93286c3ea29fae7a722b4dfe1ba64a91dfe16aeadcf81a437a72e60e47ca1a5acec0b4a03a6e2105cf9ef850d0203010001a382028a30820286301f0603551d230418301680148d8c5ec454ad8ae177e99bf99b05e1b8018d61e1301d0603551d0e041604149dc35e36012da4332be256d01250aaf162480483300e0603551d0f0101ff0404030205a0300c0603551d130101ff04023000301d0603551d250416301406082b0601050507030106082b0601050507030230490603551d20044230403034060b2b06010401b231010202073025302306082b06010505070201161768747470733a2f2f7365637469676f2e636f6d2f4350533008060667810c01020130818406082b0601050507010104783076304f06082b060105050730028643687474703a2f2f6372742e7365637469676f2e636f6d2f5365637469676f525341446f6d61696e56616c69646174696f6e53656375726553657276657243412e637274302306082b060105050730018617687474703a2f2f6f6373702e7365637469676f2e636f6d302d0603551d110426302482112a2e696e6e6f766170686f6e652e636f6d820f696e6e6f766170686f6e652e636f6d30820104060a2b06010401d6790204020481f50481f200f000770046a555eb75fa912030b5a28969f4f37d11
2c4174befd49b885abf2fc70fe6d470000017705057db50000040300483046022100a41ba017e32ec2ca7a349a10e47e5d768297bef2556541fed259aadd04cee4660221008717c3777ee675bc9a9d8d2095424a6efb3513a7b41594cbdef5565b664f9660007500dfa55eab68824f1f6cadeeb85f4e3e5aeacda212a46a5e8e3b12c020445c2a730000017705057efa000004030046304402206db15476ee9694ee8e42691eb7a838afa1b1af2537023b6a3351079829ff7aed022020471b762475c87c589bb13b5878eb85f10ed9d1009a56df2e66edc690b50d62300d06092a864886f70d01010b0500038201010008e116326c488585f587f7e771c9fe15b31a4426523cb8f28ad614aad409d0da74c2af12ea3f63be873412187eebb44f72043a36ccb8dbddbdddfdd5348750b4dc7d5ddcfbff465de65ab249e6ca681cffe190e9d12a6bae63c8c0d97aba46eca371346e8f9eacb1f57ea64dc2ef3fa5de0bfba048f982fe4aaf3fea491976e5ea9df58a8e0a9cd7176fad9bc685201c70aba55f0ac61697400c7519c80479ee3d469bab45a5a2491b42738e98381f5c7cedebe1c3a661856b1e034df6ff633e21283fe352dd7a6576923b42d60251c776a02bd255117c75f8f86da9e1b05d4171d9781db0456c68c83aec3e15fd9153e243a99886270f1da3125dbcb58d0af9
    !config write
    !config activate

Remove old certificate:

    !mod cmd X509 form /item-trusted-1187d4f8dc89fbdd8fad3abaf363733c226dcf3b15e47bac7d7e0cea8992de4fb4b47a31 on /trusted-delete Remove