Security Module HTTP identity certificate attributes

Last Updated : Apr 25, 2023 |

Generate the Security Module HTTP identity certificate with the following X509v3 extensions and attributes.


Attribute	Value	Required
Subject	`CN={breeze-fqdn}`	Required
Validity	validity period	Required
Authority Key Identifier	hash	Required
Subject Key Identifier	hash	Recommended
Key Usage	`digitalSignature`	Required
	`nonrepudiation`	Required
	`keyEncipherment`	Required ¹
Extended Key Usage	`id-kp-serverAuth = 1.3.6.1.5.5.7.3.3.1`	Required
Extended Key Usage	`id-kp-clientAuth = 1.3.6.1.5.5.7.3.3.2`	Optional ²
Subject Alternative Name	`IP:{breeze-security-module-ip}`	Required ³
Subject Alternative Name	`DNS:{breeze-fqdn}`	Required
Authority Information Access	`OCSP - URI:http://{ocsp-server}{:ocsp-port}{/ocsp-path}`	Optional
CRL Distribution Points	`URI:http://{crl-server}{:crl-port}{/crl-path}` ⁴	Optional
CRL Distribution Points	`URI:ldap://{crl-server}{:crl-port}{/crl-dn}`	Optional

¹ Authority key identifiers are required elements in end entity certificates to properly establish the trust chain.

² Required if the same identity certificate is used when the server is acting as a client.

³ For the 96xx endpoints, PPM is defined as an IP address so PPM certificates must contain the IP:{ip} Subject Alternative Name entry when these endpoints are part of the solution.

⁴ URLs and DNs used to identify the location of CRLs in LDAP directories may be quite complex; entities configuring or consuming these must be able to handle characters as defined by the LDAP URI specification in RFC 4516.

Send Feedback

AVAYA DOCUMENTATION CENTER

No results found

AVAYA DOCUMENTATION CENTER

No results found

Administering Avaya Breeze® platform

Security Module HTTP identity certificate attributes