Scribd Logo
Upload

Welcome to Scribd!

  • Sal

    Uploaded by

    Ghanshyam Chauhan
    38 views6 pages
    Avaya will change the VeriSign's CA hierarchy used to sign identity certificates. This new CA hierarchy is necessary for remote access and alarming. This PCN addresses and resolves issues with the following products and systems.

    Original Description:

    Original Title

    100161559 - SAL

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Avaya will change the VeriSign's CA hierarchy used to sign identity certificates. This new CA hierarchy is necessary for remote access and alarming. This PCN addresses and resolves issues with the following products and systems.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    38 views6 pages

    Sal

    Uploaded by

    Ghanshyam Chauhan
    Avaya will change the VeriSign's CA hierarchy used to sign identity certificates. This new CA hierarchy is necessary for remote access and alarming. This PCN addresses and resolves issues with the following products and systems.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Product Correction Notice #1873S

    Product Correction Notice (PCN) Issue Date: Archive Date: PCN Number: SECTION 1 CUSTOMER NOTICE This PCN address issues with the following products and systems: Does this PCN apply to me? Secure Access Link Gateway 1.5.X.X, 1.8.X.X, 2.0.X.X System Platform: 6.0.X (this contains Secure Access Link (SAL) 1.8)

    May 1, 2012 N/A 1873S

    May 1, 2012: On May 12, 2012, Avaya will renew the identity certificates of Secure Access Concentrator Core Server and Secure Access Concentrator Remote Server. During the renewal, Avaya will also change the VeriSigns CA hierarchy used to sign the identity certificates, as mandated by VeriSign. This new CA hierarchy from VeriSign is necessary for remote access and alarming. All the Secure Access Link Gateway(s) already deployed in the field have been updated with the new hierarchy of certificates. Any Secure Access Link Gateway 1.5.X.X, 1.8.X.X, or 2.0.X.X installed after May 1, 2012 will not have these new certificates. Please follow the steps outlined in this notice to load the new certificates in the Secure Access Link Gateway installed after May 1, 2012. The steps outlined in this notice are only applicable to Secure Access Link Gateway Release 1.5.X.X, 1.8.X.X, 2.0.X.X.

    What you should do when you receive this PCN:

    Prior to performing the steps outlined in this notice, please check your gateway for the following: 1. 2. Check xGate.log for any communication errors. If the gateway is communicating properly, you dont need to apply the PCN. Check spiritAgentOperational.log for any communication errors. If the gateway is communicating properly, you dont need to apply the PCN.

    Description of PCN:

    This notice specifies steps to apply to Secure Access Link Gateway release 1.5.X.X, 1.8.X.X and 2.0.X.X.

    What is the nature of the PCN? This PCN addresses and resolves
    PCN Template Rev Date: 8Dec. 2011 2011 Avaya Inc. All Rights Reserved.

    Secure Access Link Gateway release 1.5.X.X, 1.8.X.X and 2.0.X.X installed after May 1, 2012 need to be updated with new certificates to continue providing remote
    Page 1 of 6 All trademarks identified by the or TM are registered trademarks or trademarks, respectively, of Avaya Inc.

    Avaya Proprietary & Confidential. Use pursuant to the terms of signed agreements or Avaya policy. All other trademarks are the property of their owners.

    Product Correction Notice #1873S the following issues: access and alarming.

    Level of Risk/Severity Class 1 Class 1=High Class 2=Medium Class 3=Low Is it required that this PCN be applied to my system? The risk if this PCN is not installed: Is this PCN for US customers, nonUS customers, or both? Does applying this PCN disrupt my service? Installation of this PCN is required by: Release notes and workarounds are located: How to determine if your product is affected: This PCN must be applied to all the Secure Access Link Gateway(s) release 1.5.X.X, 1.8.X.X and 2.0.X.X installed after May 1, 2012. Failure to apply this PCN will result in total loss of remote access and alarming.

    This applies to both US and nonUS customers.

    Execution of this PCN is necessary to ensure continued service.

    Customer and/or Avaya Authorized Business Partner.

    Procedures are documented in the Provisioning Instructions (if PCN can be customer installed) section of this PCN. The steps are different based on the release of the Secure Access Link Gateway. 1.5.X.X: 1. 2. 3. trustProd.jks 4. If the list contains the following entries then you dont need to apply the PCN: sslstandardvsignclass3intermediatecag3 sslstandardrootvsignclass3primarycag5 esdp_ocsp_new newesdprlsa_prod_avaya_ca newesdprlsa_vsign_root_ca SSH to Gateway cd /opt/avaya/SAL/gateway/SSL keytool list storepass avaya123 keystore spirit

    If the list doesnt contain the above entries, then the application of the PCN is necessary. 1.8.X.X: 1. 2. 3.
    PCN Template Rev Date: 8Dec. 2011 2011 Avaya Inc. All Rights Reserved.

    SSH to Gateway cd /opt/avaya/SAL/gateway/SSL keytool list storepass avaya123 keystore spirit


    Page 2 of 6 All trademarks identified by the or TM are registered trademarks or trademarks, respectively, of Avaya Inc.

    Avaya Proprietary & Confidential. Use pursuant to the terms of signed agreements or Avaya policy. All other trademarks are the property of their owners.

    Product Correction Notice #1873S trust.jks 5. If the list contains the following entries then you dont need to apply the PCN: sslstandardvsignclass3intermediatecag3 sslstandardrootvsignclass3primarycag5 esdp_ocsp_new newesdprlsa_prod_avaya_ca newesdprlsa_vsign_root_ca

    If the list doesnt contain the above entries, then the application of the PCN is necessary. 2.0.X.X: 1. 2. 3. trust.jks 6. If the list contains the following entries then you dont need to apply the PCN: sslstandardvsignclass3intermediatecag3.cer sslstandardrootvsignclass3primarycag5.cer esdp_ocsp_new.cer newesdprlsa_prod_avaya_ca.cer newesdprlsa_vsign_root_ca.cer SSH to Gateway cd /opt/avaya/SAL/gateway/SSL keytool list storepass avaya123 keystore spirit

    If the list doesnt contain the above entries, then the application of the PCN is necessary. Required materials (If PCN can be customer installed): Provisioni ng instructio ns (If PCN can be customer installed): This PCN is being issued as a customer installable PCN. The scripts as well as the certificates will be available as a download on PLDS.

    For the systems that have the identified issue as described in the How to determine if your product is affected: section of this PCN, perform the following steps to ensure continued service: 1. Download the SSL Certificate Update package from PLDS at the following URL: https://plds.avaya.com/poeticWeb/avayaLogin.jsp?ENTRY_URL=/esd/viewDownload.htm&DOWNLO AD_PUB_ID=SAL00000029. 2. SSH to SAL Gateway. Login as root. 3. SCP or Copy the tar file CertManualInstall_2003.tar.gz into the directory /opt/avaya/SAL/gateway/Upgrade/Models/. 4. cd /opt/avaya/SAL/gateway/Upgrade/Models. 5. Change owner of the CertManualInstall_2003.tar.gz file to saluser. a. For standalone SAL Gateway use chown saluser:salgroup CertManualInstall_2003.tar.gz b. For SAL Gateway on System Platform use chown saluser:susers CertManualInstall_2003.tar.gz 6. su saluser. 7. Untar the CertManualInstall_2003.tar.gz file tar xvfz CertManualInstall_2003.tar.gz.
    Avaya Proprietary & Confidential. Use pursuant to the terms of signed agreements or Avaya policy. All other trademarks are the property of their owners. Page 3 of 6 All trademarks identified by the or TM are registered trademarks or trademarks, respectively, of Avaya Inc.

    PCN Template Rev Date: 8Dec. 2011 2011 Avaya Inc. All Rights Reserved.

    Product Correction Notice #1873S 8. Run the script perl CertInstall.pl.

    The script will take about 5 minutes to run. Please check /opt/avaya/SAL/gateway/Upgrade/CERT_UPGRADE.log for details. For any issues, please contact Avaya Support. If the script runs fine, continue with the following steps: 9. Change user to root. 10. /sbin/service axedaAgent restart. 11. /sbin/service spiritAgent restart. 12. /sbin/service gatewayUI restart. Check if all the services come up properly. For any issues please contact Avaya Support. Finding the installation instructions (If PCN can be customer installed): Installation instructions are located in the Provisioning Instructions (if PCN can be customer installed) section above.

    SECTION 1A PATCH INFORMATION Note: Customers are required to backup their systems before applying the Patch. How to verify the installation of the patch has been successful: What you should do if the patch installation fails? How to remove the patch if malfunction of your system occurs: N/A

    N/A

    N/A

    SECTION 1B SECURITY INFORMATION Are there any security risks involved? Avaya Security Vulnerability Classification: Mitigation: No

    N/A

    N/A

    PCN Template Rev Date: 8Dec. 2011 2011 Avaya Inc. All Rights Reserved.

    Avaya Proprietary & Confidential. Use pursuant to the terms of signed agreements or Avaya policy. All other trademarks are the property of their owners.

    Page 4 of 6 All trademarks identified by the or TM are registered trademarks or trademarks, respectively, of Avaya Inc.

    Product Correction Notice #1873S

    SECTION 1C ENTITLEMENTS AND CONTACTS Material Coverage Entitlements: There is no charge for the material in this PCN. The scripts as well as certificates will be available for download from PLDS. Avaya is issuing this PCN as remotely installable by the customer. If the customer requests Avaya to install this PCN, it is considered a billable event as outlined in Section 4 (Software Updates and Product Correction Notices) of the Avaya Service Agreement Supplement (Full Maintenance Coverage) unless the customer has purchased an Avaya Services enhanced offer such as the Avaya Services Product Correction Support offer. Additionally, Avaya onsite support is not included. If onsite support is requested, Avaya will bill the customer current Per Incident charges unless the customer has purchased an Avaya Services enhanced offer such as the Avaya Services Product Correction Support offer. Customers under the following Avaya coverage: Full Coverage Service Contract* Onsite Hardware Maintenance Contract* Remote Installation Current Per Incident Rates Apply Remote or Current Per Incident Rates Apply Onsite Services Labor Service contracts that include both labor and parts support 24x7, 8x5.

    Avaya Customer Service Coverage Entitlements:

    Customers under the following Avaya coverage: Warranty Software Support Software Support Plus Upgrades Remote Only Parts Plus Remote Remote Hardware Support Remote Hardware Support w/ Advance Parts Replacement HelpLine Per Terms of Services Contract or coverage Assistance Remote or Per Terms of Services Contract or coverage Onsite Services Labor

    Avaya Product Correction Notice Support Offer The Avaya Product Correction Support Offer provides outofhours support for remote and onsite technician installable PCNs, and Avaya installation for all Avaya issued PCNs that are classified as CustomerInstallable. Refer to the PCN Offer or contact your Avaya Account Representative for complete details.

    PCN Template Rev Date: 8Dec. 2011 2011 Avaya Inc. All Rights Reserved.

    Avaya Proprietary & Confidential. Use pursuant to the terms of signed agreements or Avaya policy. All other trademarks are the property of their owners.

    Page 5 of 6 All trademarks identified by the or TM are registered trademarks or trademarks, respectively, of Avaya Inc.

    Product Correction Notice #1873S Avaya Authorized Business Partner Service Coverage Entitlements: Authorized Business Partner Avaya authorized Business Partners are responsible for the implementation of this PCN on behalf of their customers.

    Avaya Contacts: For assistance with this PCN contact your local or regional Service group.

    Contact Avaya Support

    PCN Template Rev Date: 8Dec. 2011 2011 Avaya Inc. All Rights Reserved.

    Avaya Proprietary & Confidential. Use pursuant to the terms of signed agreements or Avaya policy. All other trademarks are the property of their owners.

    Page 6 of 6 All trademarks identified by the or TM are registered trademarks or trademarks, respectively, of Avaya Inc.

    You might also like