Installing third-party CA certificates

Last Updated : Jun 08, 2026 |

About this task

Use this procedure if you want to use certificates signed by a third-party CA instead of certificates signed by System Manager.

Obtain a third-party CA-signed identity certificate, all intermediate CA certificates, and the root CA certificate. Do one of the following:

Create a certificate signing request (CSR). For more information, see Managing CSRs.

Note:
If the CA provides certificates as separate PEM files, you must manually generate an identity certificate chain. For more information, see Generating an identity certificate chain in the PEM format.
Obtain a certificate bundle in the PKCS12 format from the CA. The PKCS12 bundle must include a private key, the identity certificate, all intermediate CA certificates, and the root CA certificate. To view the bundle content and ensure that it includes a full certificate chain, run the openssl pkcs12 -info -in <pkcs12_certificate_file_name> command.

If the CA provides the identity certificate as a separate .p12 file, generate an identity certificate chain. For more information, see Generating an identity certificate chain in the PKCS12 format.

Log in to the Avaya Aura® Web Gateway web administration portal.
Navigate to Security Settings > Certificate Management > Identity Certificates.
In the Keystore area, click Import and then select either the identity certificate chain in the PEM format or the PKCS12 certificate bundle.
In the Server Interfaces area, select the required server interface.
Click Assign and then select the certificate chain or PKCS12 bundle that you imported in step 3.

Avaya Aura® Web Gateway restarts to apply the changes.
Navigate to Security Settings > Certificate Management > Truststore.
Click Import and then select the third-party root CA certificate and all intermediate CA certificates.

Install the third-party root CA certificate and all intermediate CA certificates on the clients.

Send Feedback