Security Certificates
An Introduction
David Lover Vice President Strategy and Technology
2
Introduction to Security Certificates
> Why do you need to understand Digital
Certificates
> Introduction to PKI – Public Key
Infrastructure
– What is a Security Certificate?
– What is a Certificate Authority?
> Avaya’s use of Security Certificates
> High-level deployment tasks
> Specific example of deploying certificates
3
Need for Understanding Digital Certificates
> X509 Digital Certificates represent the identity and privacy “keys” in TLS based
communication
– SSL 2.0 -> SSL 3.0 ->TLS 1.0 -> TLS 1.1-> TLS 1.2 ->TLS 1.3 (Draft)
> Avaya has been allowing customers to use their “Demo” Security Certs.
> They began phasing that out in Aura R6 due to the older cipher strength (1024 bits
versus 2048 bits) and lack of “uniqueness”.
> “Demo” certs are no longer installed by default (but are kept during an upgrade)
> Customers must adopt and maintain a certificate strategy for their Aura system
4
Sample TLS Message Flow
5
TLS Security Certificates – Identity Certificate
> A Security Certificate provides a mechanism for identity and encryption
> A Security Certificate must be signed by a “trusted” Certificate Authority
> X509 allows for various scopes of “Trust” through the use of Root Certificate
Authority (CA) certs
– Commercial (sometimes called 3rd Party Certs)
– Enterprise
6
Certificate Authority (often referred to as the CA)
> Verifies the identity. The CA must validate the identity of the entity who requested a
digital certificate.
> Issues digital certificates. If the validation process succeeds, the CA issues the digital
certificate to the entity that requested it.
> Maintains the Certificate Revocation List (CRL). A CRL is a list of digital certificates
that are no longer valid and have been revoked. These digital certificates are not
reliable.
7
Signing a Security Certificate
> For Avaya Elements that depend on System Manager for their trust management (i.e.
Session Manager), this is done via System Manager
> If the Element supports CSR, use the tools provided in that element to create a CSR,
transfer the file to the Certificate Authority for signing, install the signed certificate
on the element (PEM or PKCS#12)
> If the Element doesn’t support CSR, then create a cert directly within the
Certificate Authority. This signed cert will be in a PKCS#12 format, containing the
Private Key to be used by the element.
8
Certificate Authorities
9
Migration Strategy
> Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR
CA, Hybrid)
> Inventory infrastructure to determine which Certs need to be upgraded and who
will need a copy of its Root CA Certificates
> Create new Identity Certs (via CSR, when available).
> Obtain and Deploy the Root CA’s associated with the new Identity Certs
> Install new Identity Certs and Test Functionality
> Remove old Root CA’s
10
Migration Strategy
> Identify overall Certificate Authority strategy (Public CA, Enterprise CA,
SMGR CA, Hybrid)
> Inventory infrastructure to determine which Certs need to be upgraded and who
will need a copy of its Root CA Certificates
> Obtain and Deploy the Root CA’s associated with the new Identity Certs
> Install new Identity Certs and Test Functionality
> Remove old Root CA’s
11
TLS Security Certificate Strategies
> Continue using weak “Demo” certs
> Use your existing Enterprise Root Certificate Authority
> Use System Manager as the Enterprise Root Certificate Authority
> Use System Manager as an Intermediate CA of your Enterprise Root Certificate
Authority
> Use Commercial Root CA’s (Thawte, Verisign, etc)
> Use a combination of the above strategies
12
TLS Security Certificates
Continue using Avaya “Demo” certs
> Advantages
– Easiest option. Most Avaya products still support it.
Some are “hard coded” to trust it.
– Extended expiration date
> Disadvantages
– Non-unique
– Weak Cipher strength
– Do not meet current NIST standards
– Avaya will NOT be renewing these certs. Once they
expire, they are dead forever.
13
TLS Security Certificates
Use your Existing Enterprise CA
> Advantages
– Root CA certs tend to already be deployed to enterprise
clients and PCs
– Can have a longer expiration
– Lets your enterprise manage acquisition of certs for you
> Disadvantages
– By default, no one outside of your enterprise will trust these
certs
– Lose the benefit of “automatic” cert acquisition from
“enrolling” with System Manager
– Requires coordination with your Enterprise Certificate team
14
TLS Security Certificates
Use System Manager as the Enterprise Root CA
> Advantages
– Allows easier acquisition of Root CA certs upon installation
by “enrolling” with System Manager
– Lets you be independent of external departments
> Disadvantages
– Root CA certs not deployed to enterprise users by default
– Root CA certs not deployed to public users by default
– Multiple Certificate Authority Servers to Manage and keep
track of
15
TLS Security Certificates
Use System Manager as an Intermediate CA
> Advantages
– Allows easier acquisition of Root CA certs upon installation by
“enrolling” with System Manager
– Lets you be independent of external departments
– Lets existing Enterprise Root CA’s trust System Manager
signed certs
> Disadvantages
– Root CA certs not deployed to enterprise users by default
– Need to get buy-in from existing Enterprise CA owners to
become a delegate
– Some devices expect to see the full trust chain
16
TLS Security Certificates
Use 3rd Party Commercial CA
> Advantages
– Most devices and operating systems come preloaded
with the common, well known CA Root Certificates
> Disadvantages
– Short Expirations (1-2 years typical)
– Can be expensive
– Lose the benefit of “automatic” cert acquisition from
“enrolling” with System Manager
– Not all CA’s support the requirements of certain Avaya
servers
17
Migration Strategy
> Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR
CA, Hybrid)
> Inventory infrastructure to determine which Certs need to be upgraded
and who will need a copy of its Root CA Certificates
> Obtain and Deploy the Root CA’s associated with the new Identity Certs
> Install new Identity Certs and Test Functionality
> Remove old Root CA’s
18
TLS Security Certificates – Inventory
19
TLS Security Certificates – Inventory
20
TLS Security Certificates – Inventory
21
Migration Strategy
> Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR
CA, Hybrid)
> Inventory infrastructure to determine which Certs need to be upgraded and who
will need a copy of its Root CA Certificates
> Obtain and Deploy the Root CA’s associated with the new Identity Certs
> Install new Identity Certs and Test Functionality
> Remove old Root CA’s
22
Migration Strategy
> Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR
CA, Hybrid)
> Inventory infrastructure to determine which Certs need to be upgraded and who
will need a copy of its Root CA Certificates
> Obtain and Deploy the Root CA’s associated with the new Identity Certs
> Install new Identity Certs and Test Functionality
> Remove old Root CA’s
23
Obtain New Root CA Cert
24
Obtain New Root CA Cert
25
Deploy New Root CA Cert – Communication Manager
26
Deploy New Root CA Cert – Communication Manager
27
Deploy New Root CA Cert – Communication Manager
Communication Manager
requires a restart for it to use
the new Root CA Trust Cert
28
Deployment of New Root CA Cert
> Avaya hard phones get their TLS settings
from the 46xxsettings.txt file
> Keep the existing CA for now. You should
remove it once you’ve tested with new
Identity Cert
> Phones must be rebooted to re-process
the 46xxsettings.txt file
29
Migration Strategy
> Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR CA,
Hybrid)
> Inventory infrastructure to determine which Certs need to be upgraded and who will
need a copy of its Root CA Certificates
> Create new Identity Certs (via CSR, when available).
> Obtain and Deploy the Root CA’s associated with the new Identity Certs
> Install new Identity Certs and Test Functionality
> Remove old Root CA’s
30
Replace Identity Certs
31
Replace Identity Certs – Security Module SIP
32
Replace Identity Certs - Security Module SIP
33
Replace Identity Certs - HTTPS
34
Check the Compliance Status
35
Migration Strategy
> Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR CA,
Hybrid)
> Inventory infrastructure to determine which Certs need to be upgraded and who will
need a copy of its Root CA Certificates
> Create new Identity Certs (via CSR, when available).
> Obtain and Deploy the Root CA’s associated with the new Identity Certs
> Install new Identity Certs and Test Functionality
> Remove old Root CA’s
36
Migration Strategy - Remove Old Root CA’s
> Be VERY careful when doing
this. Make sure there are no
remaining identity certs signed
by the old CA.
> CM must be restarted
37
Migration Strategy - Remove Old Root CA’s
> Be VERY careful when doing
this. Make sure there are no
remaining identity certs
signed by the old CA.
> Phones must be rebooted
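The pre-removal check that the two "Remove Old Root CA’s" slides call for, as an added example that is not part of the original deck: it walks an inventory of elements, lists identity certs still signed by the old root, and shows which TLS links would stop validating once that root is deleted from every trust store. The element names, root labels and inventory values are constructed for illustration; the 2048-bit floor is the figure the deck gives.

```python
from dataclasses import dataclass

MIN_KEY_BITS = 2048  # the slides contrast 1024-bit "Demo" certs with 2048-bit ones

OLD_ROOT = "OLD-ROOT-CA"  # placeholder label for the root being retired
NEW_ROOT = "NEW-ROOT-CA"  # placeholder label for the replacement root


@dataclass(frozen=True)
class Element:
    name: str
    issuer: str               # root CA that signed this element's identity cert
    key_bits: int             # public key size of the identity cert
    trusted_roots: frozenset  # root CA certs installed in its trust store
    validates: tuple = ()     # peers whose identity cert this element must verify


def broken_links(inventory, removed_root=None):
    """Return (validator, presenter, issuer) for every TLS link whose chain
    cannot be validated, optionally after deleting removed_root everywhere."""
    by_name = {e.name: e for e in inventory}
    failures = []
    for e in inventory:
        roots = e.trusted_roots - {removed_root}
        for peer_name in e.validates:
            peer = by_name[peer_name]
            if peer.issuer not in roots:
                failures.append((e.name, peer.name, peer.issuer))
    return sorted(failures)


def removal_report(inventory, old_root):
    """Summarise what blocks removal of old_root from the trust stores."""
    still_signed = sorted(e.name for e in inventory if e.issuer == old_root)
    weak = sorted(e.name for e in inventory if e.key_bits < MIN_KEY_BITS)
    before = broken_links(inventory)
    after = broken_links(inventory, removed_root=old_root)
    return {
        # identity certs that must be replaced before the old root can go
        "still_signed_by_old_root": still_signed,
        # identity certs below the key size the deck treats as acceptable
        "weak_keys": weak,
        # links already failing, e.g. a trust store that never got the new root
        "broken_now": before,
        # links that only fail once the old root is removed
        "newly_broken_by_removal": [link for link in after if link not in before],
        "safe_to_remove": not still_signed and not after,
    }


# Constructed inventory: Communication Manager still presents an old-root,
# 1024-bit identity cert, and the phones have not yet loaded the new root.
SAMPLE_INVENTORY = [
    Element("session-manager", NEW_ROOT, 2048,
            frozenset({OLD_ROOT, NEW_ROOT}),
            validates=("communication-manager", "hard-phones")),
    Element("communication-manager", OLD_ROOT, 1024,
            frozenset({OLD_ROOT, NEW_ROOT}),
            validates=("session-manager",)),
    Element("hard-phones", NEW_ROOT, 2048,
            frozenset({OLD_ROOT}),
            validates=("session-manager",)),
]

if __name__ == "__main__":
    for key, value in removal_report(SAMPLE_INVENTORY, OLD_ROOT).items():
        print(f"{key}: {value}")
```

The issuer and key size for each real element can be read from its identity cert with `openssl x509 -noout -issuer -text`.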
38
Introduction to Security Certificates
> Why do you need to understand
Digital Certificates
> Introduction to PKI – Public Key
Infrastructure
– What is a Security Certificate?
– What is a Certificate Authority?
> Avaya’s use of Security Certificates
> High-level deployment tasks
> Specific example of deploying
certificates
39
Join Us For Our October Webinar!
Join us on October 20th at 10am CST
Join Andrew Prokop as he explains the fundamentals of Avaya Breeze before
walking you through the creation of a few Breeze applications.
Registration Link: http://go.arrowsi.com/instantinsightoctober2016register
Security Certificates
An Introduction
David Lover Vice President Strategy and Technology

 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Avaya Security Certificates Webinar

  • 1. Security Certificates An Introduction David Lover Vice President Strategy and Technology
  • 2. Introduction to Security Certificates > Why do you need to understand Digital Certificates > Introduction to PKI – Public Key Infrastructure – What is a Security Certificate? – What is a Certificate Authority? > Avaya’s use of Security Certificates > High-level deployment tasks > Specific example of deploying certificates
  • 3. Need for Understanding Digital Certificates > X509 Digital Certificates represent the identity and privacy “keys” in TLS-based communication – SSL 2.0 -> SSL 3.0 -> TLS 1.0 -> TLS 1.1 -> TLS 1.2 -> TLS 1.3 (Draft) > Avaya has been allowing customers to use their “Demo” Security Certs. > They began phasing that out in Aura R6 due to the older cipher strength (1024 bits versus 2048 bits) and lack of “uniqueness”. > “Demo” certs are no longer installed by default (but are kept during an upgrade) > Customers must adopt and maintain a certificate strategy for their Aura system
  • 5. TLS Security Certificates – Identity Certificate > A Security Certificate provides a mechanism for identity and encryption > A Security Certificate must be signed by a “trusted” Certificate Authority > X509 allows for various scopes of “Trust” through the use of Root Certificate Authority (CA) certs – Commercial (sometimes called 3rd Party Certs) – Enterprise
  • 6. Certificate Authority (often referred to as the CA) > Verifies the identity. The CA must validate the identity of the entity that requested a digital certificate. > Issues digital certificates. If the validation process succeeds, the CA issues the digital certificate to the entity that requested it. > Maintains the Certificate Revocation List (CRL). A CRL is a list of digital certificates that are no longer valid and have been revoked. These digital certificates are not reliable.
  • 7. Signing a Security Certificate > For Avaya Elements that depend on System Manager for their trust management (i.e. Session Manager), this is done via System Manager > If the Element supports CSR, use the tools provided in that element to create a CSR, transfer the file to the Certificate Authority for signing, and install the signed certificate on the element (PEM or PKCS#12) > If the Element doesn’t support CSR, then create a cert directly within the Certificate Authority. This signed cert will be in PKCS#12 format, containing the Private Key to be used by the element.
  • 9. Migration Strategy > Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR CA, Hybrid) > Inventory infrastructure to determine which Certs need to be upgraded and who will need a copy of its Root CA Certificates > Create new Identity Certs (via CSR, when available). > Obtain and Deploy the Root CAs associated with the new Identity Certs > Install new Identity Certs and Test Functionality > Remove old Root CAs
  • 10. Migration Strategy > Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR CA, Hybrid) > Inventory infrastructure to determine which Certs need to be upgraded and who will need a copy of its Root CA Certificates > Obtain and Deploy the Root CAs associated with the new Identity Certs > Install new Identity Certs and Test Functionality > Remove old Root CAs
  • 11. TLS Security Certificate Strategies > Continue using weak “Demo” certs > Use your existing Enterprise Root Certificate Authority > Use System Manager as the Enterprise Root Certificate Authority > Use System Manager as an Intermediate CA of your Enterprise Root Certificate Authority > Use Commercial Root CAs (Thawte, Verisign, etc.) > Use a combination of the above strategies
  • 12. TLS Security Certificates: Continue using Avaya “Demo” certs > Advantages – Easiest option. Most Avaya products still support it. Some are “hard coded” to trust it. – Extended expiration date > Disadvantages – Non-unique – Weak Cipher strength – Do not meet current NIST standards – Avaya will NOT be renewing these certs. Once they expire, they are dead forever.
  • 13. TLS Security Certificates: Use your Existing Enterprise CA > Advantages – Root CA certs tend to already be deployed to enterprise clients and PCs – Can have a longer expiration – Lets your enterprise manage acquisition of certs for you > Disadvantages – By default, no one outside of your enterprise will trust these certs – Lose the benefit of “automatic” cert acquisition from “enrolling” with System Manager – Requires coordination with your Enterprise Certificate team
  • 14. TLS Security Certificates: Use System Manager as the Enterprise Root CA > Advantages – Allows easier acquisition of Root CA certs upon installation by “enrolling” with System Manager – Lets you be independent of external departments > Disadvantages – Root CA certs not deployed to enterprise users by default – Root CA certs not deployed to public users by default – Multiple Certificate Authority Servers to manage and keep track of
  • 15. TLS Security Certificates: Use System Manager as an Intermediate CA > Advantages – Allows easier acquisition of Root CA certs upon installation by “enrolling” with System Manager – Lets you be independent of external departments – Lets existing Enterprise Root CAs trust System Manager signed certs > Disadvantages – Root CA certs not deployed to enterprise users by default – Need to get buy-in from existing Enterprise CA owners to become a delegate – Some devices expect to see the full trust chain
  • 16. TLS Security Certificates: Use 3rd Party Commercial CA > Advantages – Most devices and operating systems come preloaded with the common, well-known CA Root Certificates > Disadvantages – Short Expirations (1-2 years typical) – Can be expensive – Lose the benefit of “automatic” cert acquisition from “enrolling” with System Manager – Not all CAs support the requirements of certain Avaya servers
  • 17. Migration Strategy > Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR CA, Hybrid) > Inventory infrastructure to determine which Certs need to be upgraded and who will need a copy of its Root CA Certificates > Obtain and Deploy the Root CAs associated with the new Identity Certs > Install new Identity Certs and Test Functionality > Remove old Root CAs
  • 21. Migration Strategy > Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR CA, Hybrid) > Inventory infrastructure to determine which Certs need to be upgraded and who will need a copy of its Root CA Certificates > Obtain and Deploy the Root CAs associated with the new Identity Certs > Install new Identity Certs and Test Functionality > Remove old Root CAs
  • 22. Migration Strategy > Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR CA, Hybrid) > Inventory infrastructure to determine which Certs need to be upgraded and who will need a copy of its Root CA Certificates > Obtain and Deploy the Root CAs associated with the new Identity Certs > Install new Identity Certs and Test Functionality > Remove old Root CAs
  • 25. Deploy New Root CA Cert – Communication Manager
  • 26. Deploy New Root CA Cert – Communication Manager
  • 27. Deploy New Root CA Cert – Communication Manager > Communication Manager requires a restart for it to use the new Root CA Trust Cert
  • 28. Deployment of New Root CA Cert > Avaya hard phones get their TLS settings from the 46xxsettings.txt file > Keep the existing CA for now. You should remove it once you’ve tested with new Identity Cert > Phones must be rebooted to re-process the 46xxsettings.txt file
  • 29. Migration Strategy > Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR CA, Hybrid) > Inventory infrastructure to determine which Certs need to be upgraded and who will need a copy of its Root CA Certificates > Create new Identity Certs (via CSR, when available). > Obtain and Deploy the Root CAs associated with the new Identity Certs > Install new Identity Certs and Test Functionality > Remove old Root CAs
  • 31. Replace Identity Certs – Security Module SIP
  • 32. Replace Identity Certs – Security Module SIP
  • 35. Migration Strategy > Identify overall Certificate Authority strategy (Public CA, Enterprise CA, SMGR CA, Hybrid) > Inventory infrastructure to determine which Certs need to be upgraded and who will need a copy of its Root CA Certificates > Create new Identity Certs (via CSR, when available). > Obtain and Deploy the Root CAs associated with the new Identity Certs > Install new Identity Certs and Test Functionality > Remove old Root CAs
  • 36. Migration Strategy – Remove Old Root CAs > Be VERY careful when doing this. Make sure there are no remaining identity certs signed by the old CA. > CM must be restarted
  • 37. Migration Strategy – Remove Old Root CAs > Be VERY careful when doing this. Make sure there are no remaining identity certs signed by the old CA. > Phones must be rebooted
  • 38. Introduction to Security Certificates > Why do you need to understand Digital Certificates > Introduction to PKI – Public Key Infrastructure – What is a Security Certificate? – What is a Certificate Authority? > Avaya’s use of Security Certificates > High-level deployment tasks > Specific example of deploying certificates
  • 39. Join Us For Our October Webinar! > Join us on October 20th at 10am CST > Join Andrew Prokop as he explains the fundamentals of Avaya Breeze before walking you through the creation of a few Breeze applications. > Registration Link: http://go.arrowsi.com/instantinsightoctober2016register
  • 40. Security Certificates An Introduction David Lover Vice President Strategy and Technology
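
The inventory and "Remove old Root CAs" steps above call for confirming that no identity certs are still signed by the old CA and for finding certs with 1024-bit keys. The following script is an added example, not part of the webinar or any Avaya tooling. It runs that check with the openssl CLI over a directory of exported PEM identity certs; the directory layout, file names and function names are assumptions.

```shell
#!/bin/sh
# Added example: audit before the "Remove old Root CAs" step.
# Assumption: identity certs were exported as PEM files (*.pem) into one directory.

# key_bits CERT: print the public key size in bits (RSA sizes, e.g. 1024 or 2048).
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# signed_by CA CERT: succeed only if CERT verifies against CA alone.
# -no-CApath keeps the system trust store out of the decision;
# -no_check_time ignores expiry, since only the signing relationship matters here.
signed_by() {
    openssl verify -no-CApath -no_check_time -CAfile "$1" "$2" >/dev/null 2>&1
}

# audit_certs OLD_CA DIR [MIN_BITS]: print "STATUS bits file" per cert.
# A cert that is both weak and signed by OLD_CA is reported as OLD-CA.
# Returns 1 while any cert still chains to OLD_CA, so removal can be gated on it.
audit_certs() {
    old_ca=$1 dir=$2 min_bits=${3:-2048} blocked=0
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        bits=$(key_bits "$cert")
        status=OK
        if [ "${bits:-0}" -lt "$min_bits" ]; then status=WEAK-KEY; fi
        if signed_by "$old_ca" "$cert"; then
            status=OLD-CA
            blocked=1
        fi
        printf '%s %s %s\n' "$status" "${bits:-?}" "$cert"
    done
    return "$blocked"
}

# Usage: sh audit.sh old-root-ca.pem /path/to/exported/certs
if [ "$#" -ge 2 ]; then
    audit_certs "$@"
fi
```

A non-zero exit status means at least one identity cert still depends on the old Root CA, so it should stay in the trust stores until that cert is replaced.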