Installing a certificate and a key

Last Updated : Oct 04, 2018 |

Procedure

  1. Rename the certificate key in the .PEM format and the key file in the .KEY format so that these files use the same file name.

    For example: certificate1.pem and certificate1.key.

    Important:

    Do not use the dot (.) symbol in the file name.

  2. Log in to the Avaya SBC web administration portal.
  3. Navigate to TLS Management > Certificates.
  4. Click Install.
  5. Configure the following fields:
    1. Type: Select a type of the certificate that you want to install.
    2. Name: Provide a name for the certificate that you want to install.

      This field is optional. If you do not provide a name, then the file name of the uploaded certificate file will be used as the certificate name.

      Note:

      If you provide a name that matches the name of one of installed certificates, the system replaces that certificate with the certificate that you are installing.

    3. Override Existing: Select if you can install a certificate with the name that matches the name of one of already installed certificates.

      If the check box is cleared, the system displays an error message when you try to install a certificate with the same name. If the check box is selected, the system replaces the existing certificate with the certificate you are installing.

    4. Allow Weak Certificate Key: Select if you can install a certificate signed using a weak key.

      If the option is selected, the system bypasses the check that requires strong private keys. EMS rejects private keys lesser than 2048 bits or signed with an MD5 based hash by default.

    5. Certificate File: Specify a location of the certificate file on your computer.
      Important:

      If the third-party CA provides separate Root CA and intermediate certificates, you must combine these certificates into a single file before installing to Avaya SBC. To combine the files, append the content of each certificate file one after another. Add the content of the root CA certificate to the end of this single file.

    6. Key: Specify the private key that you want to use.

      You can opt to use the existing key from the file system or select a file containing another key.

    7. Key File: Specify the key file.

      This button is displayed when you select Upload Key File in the Key field.

  6. Click Upload.
  7. Log in to Avaya SBC as root using an SSH connection.

    The port is 222. Use the ipcs user name and password.

  8. Navigate to the /usr/local/ipcs/cert/key directory.
  9. Run the enc_key <filename> <passphrase> command.

    In this command, <filename> is the name of the encryption key file and <passphrase> is the passphrase you used while generating the CSR.

  10. Restart Avaya SBC.