Product Support Notice © 2012 Avaya Inc. All Rights Reserved. PSN # PSN003627u Original publication date: 24-Apr-12. This is Issue #01, published date: Severity/risk level Low Urgency When convenient 24-Apr-12. Name of problem CMS Supervisor Web: Microsoft Internet Explorer displays security warning when the CMS Supervisor Web page is loaded in a new browser window. Products affected Call Management System (CMS): Release: CMS Supervisor Web – all versions are affected. First released with R16.3 CMS. Problem description Microsoft Internet Explorer displays a security warning every time the CMS Supervisor Web page is loaded in a new browser window (A). Also, once the CMS Supervisor Web application is loaded, a pink certificate error persists (B). CN value in cmsweb.jks differs from the server URL value resulting in a security warning If the CN value in the CMS server cmsweb.jks file differs from the server URL value, Microsoft Internet Explorer may generate a security warning every time CMS Supervisor Web is accessed from a new browser window. In this example, finch.dr.avaya.com is the server URL value: A) Certificate error A certificate error message is displayed and the entire URL line remains pink. Resolution A) CN value in cmsweb.jks differs from the server URL value resulting in a certificate warning. Login to the CMS server with the root login ID and follow these steps to clear: 1) Go to the /opt/cmsweb/cert directory on the CMS: # cd /opt/cmsweb/cert 2) Enter the following command and check the URL/Common Name (CN) value. # /opt/cmsweb/bin/showcrt.sh URL/Common Name: finch # 3) If the CN value does not match the server URL entered by users when accessing the CMS Supervisor Web interface, update the CN value with this command: # /opt/cmsweb/bin/chgcrt.sh Please enter the URL (default: finch): finch.dr.avaya.com # In the example above, finch is the CN value in the current cmsweb.jks file. However, users are accessing the server with the fully qualified domain name finch.dr.avaya.com. Therefore, the CN value should be updated to finch.dr.avaya.com. © 2012 Avaya Inc. All Rights Reserved. Page 2 4) Verify the change: # /opt/cmsweb/bin/showcrt.sh URL/Common Name: finch.dr.avaya.com # 5) Stop cmsweb # cmsweb stop 6) Start cmsweb # cmsweb start B) Pink URL Certificate Error Install Certificate in Internet Explorer Click on the Certificate Error tab and the “Untrusted Certificate” screen is displayed. The bottom of the “Untrusted Certificate” window has a link named “View certificates” Click on the “View certificates” link and the “Certificate” screen is displayed: Click on the “Install Certificate” button © 2012 Avaya Inc. All Rights Reserved. Page 3 The “Welcome to the Certificate Import Wizard” screen is displayed. Click the Next button and the “Certificate Store” screen is displayed. Click the radial button for “Automatically place the certificate store based on the type of certificate” Click the Next button and the “Completing the Certificate Import Wizard” screen is displayed. © 2012 Avaya Inc. All Rights Reserved. Page 4 Click the Finish button and a “Security Warning” screen is displayed. Click Yes, to install the certificate Click OK to close the Certificate Import Wizard window. Close the browser. © 2012 Avaya Inc. All Rights Reserved. Page 5 Verify the changes Open a browser and select Tools | Internet Options Click on the Content tab Click on Certificates under the Certificates section. Click on the Trusted Root Certification Authorities tab Scroll through the list to verify your certificate name is listed © 2012 Avaya Inc. All Rights Reserved. Page 6 Click on Close to close the Certificates window Workaround or alternative remediation Remarks n/a Patch Notes The information in this section concerns the patch, if any, recommended in the Resolution above. n/a Download n/a Patch install instructions n/a Verification n/a Failure n/a Patch uninstall instructions n/a Service-interrupting? No Security Notes The information in this section concerns the security risk, if any, represented by the topic of this PSN. © 2012 Avaya Inc. All Rights Reserved. Page 7 Security risks n/a Avaya Security Vulnerability Classification Not Susceptible Mitigation n/a For additional support, contact your Authorized Service Provider. Depending on your coverage entitlements, additional support may incur charges. Support is provided per your warranty or service contract terms unless otherwise specified. Avaya Support Contact Telephone U.S. Remote Technical Services – Enterprise U.S. Remote Technical Services – Small Medium Enterprise U.S. Remote Technical Services – BusinessPartners for Enterprise Product BusinessPartners for Small Medium Product Canada Caribbean and Latin America Europe, Middle East, and Africa Asia Pacific 800-242-2121 800-628-2888 877-295-0099 Please contact your distributor. 800-387-4268 786-331-0860 36-1238-8334 65-6872-8686 Disclaimer: ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED “AS IS”. AVAYA INC., ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS “AVAYA”), DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS’ SYSTEMS. IN NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, INCLUDING DIRECT, INDIRECT, CONSEQUENTIAL DAMAGES, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER EXISTING AGREEMENTS WITH AVAYA. All trademarks identified by ® or TM are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. © 2012 Avaya Inc. All Rights Reserved. Page 8