Avaya Aura Device Services does not contain the latest Avaya Spaces CA certificate

Last Updated : Jun 10, 2026 |

Condition

Avaya Aura® Device Services displays the OFFLINE status for Avaya Spaces on the Configuration page. The error message contains the following text:

Status: OFFLINE 
failed on processing exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

System Manager or other SNMP server configured in your deployment might also raise the Raising alarm due to invalid certificates or invalid API key and secret alarm.

Cause

Avaya Aura® Device Services does not contain the latest Avaya Spaces CA certificate in the public CA truststore.

This issue might also occur after upgrading Avaya Aura® Device Services. During the upgrade process, Avaya Aura® Device Services does not copy expired Avaya Spaces certificates into the truststore for Avaya Spaces certificates.

Solution

Procedure

You must manually download the latest Avaya Spaces CA certificate and import it to the Avaya Aura® Device Services public CA truststore using the keytool command.

This procedure is for the Google Chrome browser. For other browsers, perform a search on documentation for exporting an SSL certificate from a website for that browser.

  1. In the Google Chorme browser, navigate to https://accounts.avayacloud.com.
  2. Press F12 to open Developer Tools.
  3. Click the Security tab.
  4. In the Security overview section, click View certificate.
  5. In the Certificate window, click the Certification Path tab.
  6. Select the root CA and click View Certificate.
  7. In the new Certificate window that is opened, click the Details tab.
  8. Click Copy to File.
  9. In the Certificate Export Wizard, click Next.
  10. In the Export File Format window, select Base-64 encoded X.509 (.CER) and then click Next.
  11. Select a location where you want to store the certificate and then click Next.
  12. Click Finish.
  13. Copy the certificate to the home directory of the administrative user on Avaya Aura® Device Services.

    You can use any file transfer program, such as SFTP or SCP.

  14. Log in to the Avaya Aura® Device Services CLI.
  15. Run the following command: 
    sudo keytool -importcert -noprompt -alias <ALIAS_NAME> -file <PATH_TO_CERTIFICATE> -keystore /opt/Avaya/DeviceServices/<VERSION>/CAS/<VERSION>/cert/publicCA-ts.jks -storepass <KEYSTORE_PASSWORD>

    In this command:

    • <ALIAS> is a name of your choice that the public CA truststore will use for the Avaya Spaces CA certificate.

    • <PATH_TO_CERTIFICATE> is the full path to the Avaya Spaces CA certificate.

    • <KEYSTORE_PASSWORD> is the Keystore password created during Avaya Aura® Device Services deployment.