Author Message
WilsonYu
Joined: Nov 6, 2013
Messages: 3937
Offline
We have recently updated the vpcticonnector.jks trust store with a new certificate which extends the date of expiration. The new valid dates are from 11/21/2017 to 8/23/2022. If you are using AES Connector and secured connection, please do the following:

1. Go to the AES Connector app directory in the app server.
2. Find the vpcticonnector.jks file under the WEB-INF/lib directory, and replace it with the one attached.
3. Restart the app server.

This file can be used for all currently supported releases of Orchestration Designer.
Filename vpcticonnector.jks [Disk] Download
Description No description given
Filesize 4 Kbytes
Downloaded: 6812 time(s)

HiroshiFujita
Joined: Apr 18, 2014
Messages: 2
Offline
Hi

Is there a way to check that the period has been extended after changing the jks file?
WilsonYu
Joined: Nov 6, 2013
Messages: 3937
Offline
Not really, the certificate is being accessed and used internally.
HiroshiFujita
Joined: Apr 18, 2014
Messages: 2
Offline
I found the method.


1. Enable JTAPI DebugLog on the app server.
2. Open debug log, search "ds:X509Certificate".
3. Copy string in the <ds:X509Certificate> tag.
4. Paste string to text editor, and save as certificate file such as "after.crt".
5. Check expiration date of the certificate file.
WilsonYu
Joined: Nov 6, 2013
Messages: 3937
Offline
Good finding. I didn't know it would show up in the jtapi log.
OldSeb
Joined: Jan 4, 2018
Messages: 7
Offline
New certificate will expire at June 23rd 2022. Old one at June 24th 2018.
Certificate can be exported from store file easly using any java tool named keytool by issuing a command:

keytool -export -keystore vpcticonnector.jks -file out.crt -alias mykey
(put empty password)

Next you can view out.crt file using any PC machine.

Regards
Seb
BrunoTapette
Joined: Jun 4, 2018
Messages: 2
Offline
Hello Team,

Please, could you answer a couple of questions about this update:

1- How do we check if the OD is using the AES Connector Name Licensing Certificate?
2- What error will be seen and which log we can check in order to confirm if this is indeed a license issue?
3- Will the errors appear after the certificate expires, or only after the next restart?
4- Is there anything preventing the customers to implement the update in ODs that are not using the AES Connector Name Licensing Certificate? (in other words, should they only execute the update if the OD is using the AES Connector Name Licensing Certificate?)
5- Is there a command we can execute to check if the certificate has the new date (using openssl, keytool or similar) and what response should the customer expect? <-- just noticed that this is answered in OldSeb reply above
6- Is there a file that informs the OD version?

Kind regards,
AlexDevConnect
Joined: Jun 5, 2018
Messages: 1
Offline
You can view the the validity of the certificate:
keytool -list -v -keystore vpcticonnector.jks
No Password (Enter)

Alias name: mykey
Creation date: Nov 21, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=VP_001
Issuer: CN=Avaya HDTG Product Root, OU=HDTG, O=Avaya Inc., C=US
Serial number: 300ee3a8749c4859
Valid from: Tue Nov 21 10:19:16 EET 2017 until: Tue Aug 23 17:29:49 EEST 2022

BrunoTapette
Joined: Jun 4, 2018
Messages: 2
Offline
Thank you very much!

Team,

Any answer to the other questions?

1- How do we check if the OD is using the AES Connector Name Licensing Certificate?
2- What error will be seen and which log we can check in order to confirm if this is indeed a license issue?
3- Will the errors appear after the certificate expires, or only after the next restart?
4- Is there anything preventing the customers to implement the update in ODs that are not using the AES Connector Name Licensing Certificate? (in other words, should they only execute the update if the OD is using the AES Connector Name Licensing Certificate?)
6- Is there a file that informs the OD version?
MagdalenaCenteno
Joined: Jan 6, 2014
Messages: 5
Offline
Can you please confirm that these actions should only be taken if the customers are using CSTA-S (secured links) t-links?
JOHN-JHENG
Joined: May 26, 2015
Messages: 25
Offline
Hello,

I updata the vpcticonnector.jks,but it is show the WARN.

13/07/2018 23:45:53:604 DEBUG - CTIConnectorManager.initProvider: setup named licensing.
13/07/2018 23:45:53:648 WARN - CTIConnectorManager.initProvider: problem with requestPrivileges; the version of AES may not support Namm [23;1Hed Licensing. (Exception - com.avaya.jtapi.tsapi.TsapiPlatformException: requestPrivileges failure: com.avaya.jtapi.tsapi.TsapiPlatformEE [24;1Hxception: ACS Error: 120)

Thanks fo help.
apkdodo2
Joined: Jun 1, 2019
Messages: 1
Offline
Hey guyz, can anyone tell me that how can we check the period? I mean that how would we come to know that it has extended after we've changed the jks file?
Go to:   
Mobile view