Generating an identity certificate chain in the PEM format

Last Updated : Jun 10, 2026 |

About this task

If you want to use an identity certificate signed by a third-party certificate authority (CA), you must generate an identity certificate chain. An identity certificate chain must include the following certificates in order:

  1. The third-party CA-signed identity certificate.

  2. All intermediate CA certificates, if any.

  3. The root CA certificate.

Assign this certificate chain to a specific Avaya Aura® Web Gateway server interface.

Use this procedure to generate an identity certificate chain in the PEM format.

Before you begin

Ensure that you have the third-party CA-signed identity certificate, root CA certificate, and all intermediate CA certificates in the PEM format. If these files are in the PKCS12 format, you can convert these certificates to the PEM format using the OpenSSL tool.

Procedure

  1. Log in to the Avaya Aura® Web Gateway using your SSH credentials.
  2. Navigate to the directory with the certificates.
  3. Run the cat command as follows:

    cat <Identity_ertificate_file_name> <Intermediate_CA_certificate_file_name> <Root_CA_file_name> > <Certificate_chain_file_name>

    If you have several intermediate CA certificates, list all intermediate CA certificate file names, separated by a space, and then list the root CA certificate file name.

    For example, if you have the identity certificate identity.crt, two intermediate CA certificates (intermediateCA1.crt and intermediateCA2.crt), and root CA certificate rootCA.crt, run the following command to generate a certificate chain with the identityChain.crt file name:

    cat identity.crt intermediateCA1.crt intermediateCA2.crt rootCA.crt > identityChain.crt

Related information
Managing server interface certificates