25 - Better way to Handle PKI/Certificates
in progress
James Davis
In this crazy world of Telecom, we now have to worry about PKI/Certificates. It's very confusing, cumbersome, and painful managing ALL of the required Certificates for all the different Avaya Systems/endpoints.
It would be NICE if Avaya had a better way, than through SMGR, to handle certificate requests in environments where there is not a strong PKI/Certificate structure in place and Self-Signed is the only option.
Or at least make SMGR a bit easier to handle for certification management.
Avaya Responses
Improving security certificate management across all Aura solutions is a significant undertaking. Nevertheless, it continues to be reviewed within Avaya. Avaya is aware of this request, and the issue is regularly discussed with the IAUG Feature Request volunteer committee and other customers. Avaya would like to keep this request open, with more to come in early 2025 as the 10.3 release will be forthcoming then.
Dwight Reifsnyder
Avaya - can't you just add the free Let's Encrypt plug in and let it handle everything?
Michal Ferber
I think the management interface needs to take into consideration self-signed, internal CA's (i.e. Active Directory) as well as third party certs. In our environment we have all three types of certs because of the various sip endpoints we are connected to.
Avaya Responses
in progress
Avaya Responses
Feature in Aura 8.1.3 System Manager SCEP Enhancements to improve Cert Distribution to Endpoints. Provides improvement in this area Avaya will Present details at next planned meeting
James Davis
I would like to add this - Avaya has the opportunity here to fix the complexity of PKI/Certificates and make it so the average IT person can see them at a glance AND know what needs to be done to renew certs. That is the real intent of this request - To try eliminate the complexities here since most of the telecom folks I have talked with over the years are still not comfortable about managing the Certificates on the Avaya platforms.
Tom Lynn
Better tools might include reporting across the entire collection of systems in the System Manager inventory broken down by certificate function (SIP, web etc) with upcoming expiration events called out in the System Manager Dashboard. Would help explain what is expiring and what will be affected.
Chip Powell
FR# 25 - Sent to Avaya 4/24/20
Avaya Responses
under review
This is on our list to address this at the overall solution level as a priority
Paul Leatherman
Self signed is not the only option but I would agree on the management side. Better tools for validating.
Load More
→