Front-end host, System Manager, and certificate configuration

Last Updated : Jun 10, 2026 |

Use the following table as an aid for configuring the front-end host, System Manager, and certificate related settings.

In an Avaya Aura® environment, if you do not select the Front-end host, System Manager and Certificate Configuration option during the installation, then the self-signed certificates are automatically generated. Self-signed certificates are also generated when:

  • The System Manager FQDN option is not set.

  • The Use System Manager for certificates option is set to n.

  • Certificates were not provided for one of the interfaces: REST, OAMP, or NODE.

Note:

In an environment without Avaya Aura®, Avaya Aura® Device Services uses identity certificates signed by a third-party CA. You must configure the certificate settings when installing the Avaya Aura® Device Services application.

You can modify certificate configuration settings from the administration portal anytime. This is useful if you do not complete the certificate configuration as part of the initial setup process or if you generate certificates at a later time. For information about managing certificates through the administration portal, see Administering Avaya Aura® Device Services.

Warning:

Changing the System Manager Server FQDN after the installation will invalidate existing users data in the system, if the FQDN points to a System Manager server that contains a different set of users. You must change the FQDN only when switching to another replicated instance of the current System Manager. For any other situation, you must reinstall the Avaya Aura® Device Services system.

In an environment without Avaya Aura®, this menu has the Front-end host and Certificate Configuration name and does not contain settings related to System Manager.

Table 1: Front-end host, System Manager and Certificate Configuration settings

Item name

Description

Equivalent properties file parameter

Front-end FQDN

The front-end FQDN of the Avaya Aura® Device Services server.

For a cluster deployment, you must configure the front-end FQDN as the FQDN of the virtual IP address. If an external load balancer is used, set this value to the FQDN of the load balancer.

The front-end FQDN is the address that end-user clients use to access the services provided by Avaya Aura® Device Services.

The default value depends on the configuration present in the /etc/hosts file of the Avaya Aura® Device Services server.

Important:

Use split-horizon DNS and the same FQDN for Session Border Controller and Avaya Aura® Device Services if you want to prevent users from re-configuring their clients when working outside of the enterprise network. The same front-end FQDN resolves to one IP for Session Border Controller external to the enterprise, and a different IP inside the enterprise directly to Avaya Aura® Device Services.

REST_FRONTEND_HOST

System Manager FQDN

The FQDN of the System Manager that signs the Avaya Aura® Device Services certificates.

This field is not available in an environment without Avaya Aura®.

SYSTEM_MGR_IP

System Manager web admin username

The System Manager web administration portal user name.

This field is optional. This field is not available in an environment without Avaya Aura®.

SMGR_USER_NAME

System Manager web admin password

The System Manager web administration portal password.

This field is optional. This field is not available in an environment without Avaya Aura®.

SMGR_USER_PASSWORD

System Manager web version

The version number of Avaya Aura® System Manager.

This field is not available in an environment without Avaya Aura®.

SYSTEM_MGR_VERSION

System Manager HTTPS Port

The HTTPS port used for the Alarm Agent for the current Avaya Aura® Device Services server.

The default value for this setting is 443.

This field is not available in an environment without Avaya Aura®.

SYSTEM_MGR_HTTPS_PORT

System Manager Enrollment Password

The System Manager enrollment password.

This field is not available in an environment without Avaya Aura®.

SYSTEM_MGR_PW

Override port for reverse proxy

Specifies if you use an external reverse proxy server.

Enable this setting only if clients will not be connecting directly to the Avaya Aura® Device Services server, but rather using a proxy server as part of a remote access solution that is configured to receive connections on a port other than default port 443.

Select y (yes) to configure the port for the reverse proxy server or n (no) to keep the default configuration that remains disabled.

If you select y (yes), the menu displays a new setting for the reverse proxy port: Front-end port for reverse proxy.

Note:

If this parameter is changed after the installation, all of the nodes in a cluster must be restarted using the svc aads restart command to apply the change.

For more information about overriding ports in a clustered environment, see Overriding port configuration in a cluster.

OVERRIDE_FRONTEND_PORT

For the Front-end port for reverse proxy setting, the equivalent parameter is REST_FRONTEND_PORT.

Current Listen Port

Specifies the port Avaya Aura® Device Services uses to receive connections. This is the read-only field.

Use System Manager for certificates

Specifies if the certificates are retrieved from System Manager or from imported files.

Select y (yes) to retrieve certificates from System Manager or n (no) to retrieve certificates from imported files.

If you select n (no), the menu displays new settings for configuring the certificate files. To configure the certificate settings, you must provide the complete file path name to the:

  • REST interface key file

  • REST interface certificate file

  • OAM interface key file

  • OAM interface certificate file

  • node key file

  • node certificate file

  • signing authority certificate file

In an environment without Avaya Aura®, the Use System Manager for certificates field is not available, and the menu displays the settings for configuring the certificate files by default.

USE_SMGR

If the USE_SMGR option is set to n (no), you must configure the following parameters for importing the certificate files:

  • REST_KEY_FILE

  • REST_CRT_FILE

  • OAM_KEY_FILE

  • OAM_CRT_FILE

  • NODE_KEY_FILE

  • NODE_CRT_FILE

  • CA_CRT_FILE

Local frontend host

The local FQDN of the node.

This FQDN is not used for a client to access services, but is used to access the server within the enterprise, and is bound to the same Ethernet port as the front-end FQDN.

The Avaya Aura® Device Services configuration utility uses this value to generate certificates for the node.

Important:

In a clustered configuration, the local front-end host is different from one node to the other and is also different from the front-end FQDN. In a non-clustered environment, the local front-end host is usually different from the front-end FQDN to create a clustered configuration from a non-clustered configuration.

LOCAL_FRONTEND_HOST

Keystore password

The keystore password for the MSS and Tomcat Avaya Aura® Device Services certificates.

The minimum length for this password is 6 characters. The characters supported for the keystore password are:

  • a to z

  • A to Z

  • 0 to 9

  • Special characters: !, @, #, %, $, ^, *, ?, and _

KEYSTORE_PW