Mike's PBX Cookbook

Certificate Expiry Warning

Background:

If you power-up a new IP500v2 system without a time server available, the self-signed certificate (generated at first power-up from the factory) is created using the default date (01 January, 2011). This certificate is required for secure communications, and will expire on the 31 December, 2017 (seven years after the default date). In this case, you will see a certificate expiration warning message:

Prevention:

Always power up a new system with Manager running on a PC/laptop connected to the IP Office LAN port (time server must be enabled). This will correctly set the system clock, and subsequently the auto generated certificate will expire in 7 years from now. Alternatively, manually regenerate the certificate (explicitly, or reset the security settings) after correctly setting the time and date.

Cure:

Perform the following in Manager:

  1. Confirm that the time and date (year!) is set correctly (verify in System Status).

  2. File ➤ Security settings ➤ System ➤ Identity Certificate ➤ Delete the certificate.
Note: For IP Office 10.X the Delete button has been renamed "Regenerate".
  1. Click OK, and Save the Security Settings.
    The IP Office will auto-generate a new self signed certificate.

When the IP Office auto-generates a new certificate, this processor intensive task will make it appear that the system is not responding. The process takes about 5 minutes, per warning message, though the system does not reboot. Be patient!

Alternatively:

  1. Set Manager to communicate without certificate: File ➤ Preferences ➤ security ➤ Manager Certificate Checks ➤ None
    - although this is not really recommended as a system could be overlooked and the certificate expire unexpectedly.
  2. Default the security settings, which creates another unique self-signed instance with same name but differing instance.