[cisco-voip] re-genarate certifications

Dave Cardwell dave.cardwell1 at gmail.com
Fri Jun 23 15:29:52 EDT 2017


>
>
> The bigger problem is the automatic phone reset.
> -Rya
>

Well fix the phones, why do they need to reset to support new
certificates?

Key rotation is a long solved problem, push out the new new certificate
when its generated after 60 days but don't activate it on the server.  The
phones should now trust both the new one and the old one (until it expires
30 days later), then activate the new one on the server a couple of days
before the old one expires.  Once the phones can import certificates
without reloading the switch-over on the server side should be a non-issue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170623/6a1f7f81/attachment.html>


More information about the cisco-voip mailing list