Creating and applying load balancer certificates

Last Updated: Jun 10, 2026

About this task

Load balancers only appear in the private DNS within AWS. Therefore, certificates generated by external certificate authorities might not work. Use this procedure to obtain a certificate from System Manager within AWS.

Important:

Avaya recommends that you perform this procedure on the System Manager that you later connect to Avaya Aura® Device Services when installing the Avaya Aura® Device Services application. If you perform this procedure on another System Manager, you must import that System Manager CA to Avaya Aura® Device Services as described in Managing truststore certificates in Administering Avaya Aura® Device Services.

Procedure

  1. On the System Manager web console, navigate to Home > Services > Security > Certificates > Authority.
  2. Click Add End Entity and complete the settings in the following fields:
    1. End Entity Profile: Type <INBOUND_OUTBOUND_TLS>.
    2. Username: Type <FQDN of the load balancer>.

      The FQDN of the load balancer is the service FQDN of the cluster. The domain name portion of the FQDN is the domain name that clients use to access the service. The FQDN must be the stack name followed by the domain. For example, if the stack name is yourStack and the domain is your.domain.com, then the FQDN is yourStack.your.domain.com.

      Note:

      The stack name must start with a letter and must contain only letters, numbers, or dashes. You must use this same stack name during the multi-node CloudFormation deployment.

    3. Password: Type your password.
    4. Confirm Password: Retype your password.
    5. CN, Common name: Type <FQDN of the load balancer>.
    6. Subject Alternative Name section: In DNS Name, type the following FQDNs:
      • FQDN of the load balancer.

      • FQDNs of all Avaya Aura® Device Services nodes in the cluster.

      • FQDNs of all Utility Server nodes in the cluster, if you plan to use the Utility Server.

      • localhost.localdomain

    7. Token: Select the PEM file.
      Note:

      The remaining fields are optional. For more information, see Administering Avaya Aura® System Manager.

  3. Click Add.
  4. Navigate to Home > Services > Security > Certificates > Authority > Public Web.

    The system displays the EJBCA public page.

  5. Click Create Keystore.
  6. In Username, type the FQDN of the load balancer.
  7. In Password, type the End Entity password that you created earlier.
  8. Click OK.

    The system displays the EJBCA Token Certificate Enrollment page.

  9. In Key length, select the required key length.

    A length of 2048 bits is recommended.

  10. Click Enroll and select a text editor to view the certificate.
  11. Save the PEM file to your computer.
  12. Sign in to the AWS console and navigate to Services > Security, Identity & Compliance > Certificate Manager.
  13. Click Import a certificate.

    The system displays a form with three fields: Certificate Body, Certificate private key, and Certificate chain.

  14. Open the PEM file you saved earlier with a text editor and do the following:
    Note:

    You must include the BEGIN and END labels for each section that you paste into the form.

    1. In the Private Key section, copy the string from -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY----- and paste it into the Certificate private key field.
    2. In the Certificate section, copy the first certificate string from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- and paste it into the Certificate body field.
    3. In the Certificate section, copy the second certificate string from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- and paste it into the Certificate chain field.
  15. Click Review and import.
  16. Click Import.

    The system imports the certificate and displays the status and details of the certificate.

  17. Copy and save the ARN value in the Details section.

    The ARN is required for the Load balancer certificate ARN field during the multi-node CloudFormation deployment.
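
Step 14 as a script, for splitting the saved PEM file into the three import-form fields without hand-copying the private key. This is an added example, not Avaya or AWS code: the function name `split_for_acm`, the dictionary keys and the sample PEM content are constructed for illustration, and placing any certificates after the second into the chain is an assumption beyond the two-certificate file the procedure describes.

```python
import re

# Matches one PEM block, BEGIN and END labels included (the form needs both).
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\r?\n.*?\r?\n-----END (?P=label)-----",
    re.DOTALL,
)

def split_for_acm(pem_text):
    """Return the text for the three fields of the certificate import form."""
    keys, certs = [], []
    for m in PEM_BLOCK.finditer(pem_text):
        block = m.group(0).replace("\r\n", "\n") + "\n"
        if m.group("label") == "PRIVATE KEY":
            keys.append(block)
        elif m.group("label") == "CERTIFICATE":
            certs.append(block)
        # Text outside BEGIN/END labels is never matched, so it is dropped.
    if len(keys) != 1:
        raise ValueError(f"expected 1 private key block, found {len(keys)}")
    if len(certs) < 2:
        raise ValueError(f"expected at least 2 certificate blocks, found {len(certs)}")
    return {
        "private_key": keys[0],                    # Certificate private key field
        "certificate_body": certs[0],              # first certificate in the file
        "certificate_chain": "".join(certs[1:]),   # second certificate (and any after it)
    }

# Constructed sample: placeholder base64, not real key material.
SAMPLE = """\
friendlyName: constructed-example
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
subject=CN=yourStack.your.domain.com
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    for field, text in split_for_acm(SAMPLE).items():
        # Avoid echoing the private key to a terminal or log.
        shown = "(private key block, not printed)\n" if field == "private_key" else text
        print(f"== {field} ==\n{shown}")
```

The saved PEM file contains the private key in clear text, so restrict its file permissions and delete it once the import has succeeded.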