Importing third-party identity provider private CA certificates

Last Updated: Jun 10, 2026

About this task

If you integrate Avaya Aura® Device Services with a third-party identity provider that uses a private CA, you must import the private CA certificates into the Java truststore. With the CA certificates trusted, you can import the third-party identity provider configuration XML file directly from the identity provider.

In cluster deployments, perform this procedure on the seed node first and then on all non-seed nodes.

If you redeploy the virtual machines, you must perform this procedure again.

Before you begin

Obtain the root and, if required, intermediate CA certificates in PEM format for the CA that signs the provider’s identity certificate.

Procedure

  1. Transfer the CA certificates to the Avaya Aura® Device Services node using a file transfer program, such as SFTP or SCP.
  2. Log in to the Avaya Aura® Device Services node using an SSH connection.
  3. Navigate to /etc/pki/java.
  4. Run the following command to import the root certificate into the truststore:

    sudo keytool -importcert -keystore ./cacerts -alias idpca -file <PATH>

    In this command, <PATH> is the full path to the CA certificate in PEM format.

    Note:

    The keystore password is changeit.

  5. Repeat the previous step for all required intermediate CA certificates.
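The following shell functions are an added example, not Avaya-supplied tooling, that carries out steps 4 and 5 for a PEM file holding the root and any intermediate certificates. They go beyond the single-file command above by splitting a bundle and giving each certificate its own alias (`idpca-1`, `idpca-2`, ...), because keytool refuses to import under an alias that already exists. The function names and the numbered aliases are assumptions.

```shell
#!/bin/sh
# Added example, not Avaya-supplied tooling. The "idpca" alias prefix and the
# truststore path come from the procedure; the function names are assumptions.
TRUSTSTORE=/etc/pki/java/cacerts

# Split a PEM file that may hold several certificates (root plus intermediates)
# into OUTDIR/PREFIX-1.pem, PREFIX-2.pem, ... and print how many were written.
split_pem() {
    src=$1; outdir=$2; prefix=$3
    awk -v out="$outdir/$prefix" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = out "-" n ".pem"; inside = 1 }
        inside { print > f }
        /-----END CERTIFICATE-----/ { inside = 0; close(f) }
        END { print n + 0 }
    ' "$src"
}

# Import one certificate under its own alias and confirm the entry exists.
import_ca() {
    name=$1; pem=$2
    # Show subject, issuer, validity and fingerprints so they can be compared
    # with the values obtained from the identity provider's administrator.
    keytool -printcert -file "$pem" || return 1
    # No -noprompt: keytool asks for the keystore password and for explicit
    # confirmation before it trusts the certificate.
    sudo keytool -importcert -keystore "$TRUSTSTORE" -alias "$name" -file "$pem" || return 1
    # List the new entry; it should be reported as a trustedCertEntry.
    sudo keytool -list -keystore "$TRUSTSTORE" -alias "$name"
}

# Split BUNDLE and import every certificate as idpca-1, idpca-2, ...
import_bundle() {
    bundle=$1
    work=$(mktemp -d) || return 1
    count=$(split_pem "$bundle" "$work" idpca)
    i=1
    while [ "$i" -le "$count" ]; do
        import_ca "idpca-$i" "$work/idpca-$i.pem" || { rm -rf "$work"; return 1; }
        i=$((i + 1))
    done
    rm -rf "$work"
}

# Usage on the node: import_bundle /full/path/to/idp-ca-chain.pem
```

Run it on the seed node first and then on each non-seed node, and again after any virtual machine redeployment, as the task description requires.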