Getting certificates signed by the third-party CA

Last Updated : Oct 06, 2021 |

About this task

Avaya Aura® Web Gateway accepts certificates in either the PEM or PKCS12 formats.

Note:

  • PEM is a Base64 encoded ASCII format. The certificate data is prefixed with the -----BEGIN CERTIFICATE----- line and followed by the -----END CERTIFICATE----- line. The most common file name extensions are .pem, crt, and cer.

  • PKCS12 is a binary format that contains the server certificate, intermediate certificates and the private key in a single encryptable file. The file name extensions for this format are .pfx and .p12.

Before you begin

  • Ensure that the CA is configured to include extendedKeyUsage for both the client and the server in the generated certificates.

  • Open the Linux shell using the Linux administrator account credentials.

Procedure

  1. Transfer the frontEnd.csr file from Avaya Aura® Web Gateway so that it can be used during signed certificate generation process on your third-party CA.
  2. Transfer certificates to Avaya Aura® Web Gateway.
    1. Transfer the signed .crt file to /opt/Avaya/AAWGportalCerts, and name it frontEnd.crt.
    2. Transfer the third-party root CA certificate to /opt/Avaya/AAWGportalCerts, and name it rootCA.crt.
    3. Transfer any third-party intermediary CA certificates to /opt/Avaya/AAWGportalCerts, and name them intermediary1.crt, intermediary2.crt, and so on in ascending order of the certificate chain until the root CA.
  3. To create a certificate chain containing the front end certificate, arrange all intermediary CA certificates (if any) and the root CA certificate in the correct order, and then run the following command: 
    cat frontEnd.crt intermediary1.crt intermediary2.crt ... rootCA.crt > frontEndCerts.crt