Creating a client certificate

Last Updated : Jun 10, 2026 |

About this task

Use this procedure to create a client certificate, which can be imported into a web browser for authenticating automatic login into the Avaya Aura® Web Gateway web administration portal.

Procedure

  1. Open the Linux shell using your Linux administrator account credentials.
  2. To generate a CSR, run the following command: 
    sudo ./createCSR.sh /tmp/AAWGportalCerts frontEndFQDN localFQDN organizationNameorganizationUnit locality stateOrProvince countryCode emailAddress
    Important:

    This command is a single Linux command and must be entered as a single line even if it appears as several lines in the document.

    The parameters for this script are:

    • frontendFQDN: For a cluster installation, this is the FQDN of the Virtual IP or external load balancer. For simple, non-clustered installations, this is the FQDN of the server where Avaya Aura® Web Gateway is installed.

    • localFQDN: The FQDN of the server.

    • orgnizationName: The name of the organization.

    • organizationUnit: The name of the unit or sub-organization. For example, Design.

    • locality: The name of the city or town.

    • state: The two-digit state or province code.

    • countryCode: The two-digit country code.

    • emailAddress: The administrator email address.

    Avaya Aura® Web Gateway create the oamp.csr and oamp.key files in the /tmp/AAWGportalCerts directory.

  3. To generate the .pem file, on the System Manager web console, navigate to Services > Security > Certificates > Authority.
  4. Click the Add End Entity tab and complete the following settings:
    1. Set End Entity Profile to Empty.
    2. Type your user name and password in Username and Password.
    3. Type your user ID in CN, Common name.

      The user ID you provide must use the same format that you used for the UID Attribute ID field on the LDAP Configuration tab.

    4. Set Certificate Profile to ENDUSER.
    5. Click Add.

      A new end entity with the specified user name is created on the System Manager web console.

  5. In the left navigation pane, click the Public Web tab and complete the following settings:
    1. In Username and Enrollment code, type the same user name and password that you used to create an end entity.
    2. Click Choose File to add the oamp.csr file, which you generated in step 2.
    3. Click OK to generate the .pem file.
  6. In the SSH console, run the openssl command to convert the .pem file to a .pfx or .p12 file.

    The following is an example of the command to convert the .pem file to a .p12 file:

    openssl pkcs12 -export -out <P12_FILE_NAME> -in <PEM_FILE_NAME>.pem -inkey oamp.key -passout pass:<PASSWORD>