Configuring the client certificate policy using the command line interface

Last Updated : Jun 05, 2026 |

About this task

You can configure client certificates to establish a secure connection. As per your requirement, you can choose how the server validates certificates for Avaya Aura® Device Services clients. Changing the certificate setting might affect the client’s ability to connect to Avaya Aura® Device Services.

Use this procedure if you accidentally changed the administrator interface (OAMP) client certificate policy and are no longer able to access the system interface. To change the certificate, you must access the Avaya Aura® Device Services seed node. Use this procedure to change the setting through the command line interface (CLI).

Procedure

  1. On the SSH terminal, log in as an administrator.
  2. Run one of the following commands:
    • To change the setting to None: 
      sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/misc/clitool-acs.sh clientCertificateVerificationConfig oampGuiClient off
    • To change the setting to Optional: 
      sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/misc/clitool-acs.sh clientCertificateVerificationConfig oampGuiClient optional
    • To change the setting to Required: 
      sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/misc/clitool-acs.sh clientCertificateVerificationConfig oampGuiClient on

    After you run the appropriate command, it will take several minutes for the changes to take effect.