Avaya J1xx VoIP Phone SSL Certificate Updates
SSL Best Practices for J129, J139, J159, J169, J179, & J189 VoIP Telephones
The question often arises about when the J1xx phones require a reboot versus a clear in respect to certificates. Here is a quote from Avaya development.
Each phone will pull the identity certificate if it is updated and changed:
- If the phone does not already have the file it will download the file.
- Alternately, if the phone already has the file it will perform a GET ‘If-Modified’ and only download the file if it is newer than what is already on the phone.
- When the RootCA is changed, you have to clear the phone for it to pull the new one since it can no longer connect to the HTTPS Server without the valid RootCA. TLS will fail to connect and will not get anything.
You can check what the RootCA is by browsing to https://[address of IPO]/WebRootCA.pem
Our recommendation is to download the WebRootCA.pem file both before and after you make major certificate changes in the IP Office to ensure that it hasn’t changed. If it has, all your J-series VoIP phones will have to be factory defaulted since the new RootCA doesn’t match the old RootCA.
Once the new IP Office SSL Certificate is in place and working you’ll need to push the update to your J1xx phones using one of the methods below.
J1xx Update Methods
1. Update phones from the admin menu using “Get Updates”
Press the “Hamburger” (3 horizontal lines) button to get into settings. Scroll down to “Administration” and press Select. It will ask for the admin password which by default is 27238. Finally, you will be able to scroll down to “Get Updates” and cause the phone to check with it’s configuration server (the IP Office).
2. Use the 46xxspecials.txt feature AUTOMATIC_UPDATE_POLICY
When AUTOMATIC_UPDATE_POLICY is enabled the phone will automatically perform a “Get Updates” as defined by the AUTOMATIC_UPDATE_POLICY parameters. Obviously this needs to be done ahead of time to get the phones into an automatic update state. Once you’ve made this change in the 46xxsettings.txt or 46xxspecials.txt file all the phones will need to be updated using method 1 or 3 before they actually follow this setting.
3. Reboot the phones which will cause them to pull config files from the IPO
This instruction is pretty much self explanatory!
What About 3rd Party SIP Mode?
It should be noted that the files and processes are essentially identical for J1xx phones in 3PCC mode. For example, Avaya J-series VoIP phones connected to our AtcomCloud phone system update SSL certificates in manner laid out above.