Uploading a certificate file

Last Updated: Jun 10, 2026

Before you begin

Obtain the signed certificate from the Certificate Authority (CA). You might also receive a certificate trust chain if the CA did not directly sign the certificate. The certificate trust chain might be provided as a separate file or it might be concatenated directly onto the signed certificate.

If the signed certificate is not in a PEM-encoded format, re-encode the certificate in the PEM format before uploading it to the EMS.

An open-source SSL library with utilities for conversions is available at:

http://www.openssl.org

You can use this utility to convert a file with a DER-encoded format to a PEM format, as shown in the example below:

openssl x509 -in input.der -inform DER -out output.pem -outform PEM

You can convert a certificate with a .pem extension to the .crt extension by renaming the file.

Procedure

  1. Log in to the EMS web interface with administrator credentials.
  2. From the Device menu, click the SBC name to administer.
  3. Navigate to TLS Management > Certificates.
  4. Click Install.
  5. In the Type field, select Certificate.
  6. In the Name field, type the name of the Certificate file.
    Note:

    You can type only letters, numbers, and underscores in the Name field. Enter the name of the Certificate file that is uploaded to the EMS. If the Certificate file that you browse to for uploading has a different name, that name is replaced with the Certificate name entered in this field when the file is uploaded to the EMS.

  7. In the Certificate File field, click Browse and browse to the location of the Certificate file.
  8. In the Key field, select one of the following options:
    • Use Existing Key: Select this option if you generated a CSR from the Generate CSR screen. In this option, the key file is already in the correct location on the EMS.

      Note:

      If you are using this option, ensure that the Common Name in the Generate CSR screen matches the name of the certificate that you are installing.

    • Upload Key File: Select this option if you generated a CSR by using a method other than the built-in Generate CSR screen.

      In this option, you must upload the private key as described in Step 7.

  9. In the Key File field, click Browse and browse to the location of the key file.
  10. In the Trust Chain File field, click Browse and browse to the location of the trust chain file.

    This step is required if the CA provided a separate certificate trust chain.

    If the third-party CA provides separate Root CA and Intermediate certificates, you must combine both files into a single certificate file for Avaya SBC. To combine the files, add the contents of each certificate file one after the other, with the root certificate at the end.

  11. Click Upload.

    The EMS server uploads the signed X.509 certificate and the key file, if necessary, to the SBC. The EMS server automatically synchronizes and installs the certificate and key on multi-server and single server deployments.

    Important:

    For an HA pair, the certificate and key are uploaded to the primary device and synchronized to the secondary device. However, if you add a new certificate and key on the EMS, you must manually click Synchronize to HA Peer so that the certificate and keys are synchronized onto the secondary device.
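
A pre-upload helper for the trust chain file in step 10, added here as an example and not part of the product documentation: it accepts PEM or DER input, checks that the second file is a root certificate whose name matches the issuer of the first, and writes the intermediate followed by the root. The function names, file names and the throwaway certificates produced by make_sample_pki are assumptions constructed for the example.

```bash
# Added example. Function and file names are assumptions, not EMS names.

# Print a certificate as PEM, whether the input file is PEM or DER.
to_pem() {
    openssl x509 -in "$1" -inform PEM -outform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# Print the subject or issuer name hash ($1 = -subject_hash | -issuer_hash).
name_hash() { openssl x509 -in "$2" -noout "$1"; }

# Write INTERMEDIATE ($1) then ROOT ($2) to OUT ($3), root certificate last.
# Only names are compared; signatures are not verified here.
build_trust_chain() {
    local tmp rc=0
    tmp=$(mktemp -d) || return 1
    if ! to_pem "$1" > "$tmp/int.pem" || ! to_pem "$2" > "$tmp/root.pem"; then
        echo "error: cannot read both files as PEM or DER certificates" >&2; rc=1
    elif [ "$(name_hash -subject_hash "$tmp/root.pem")" != \
           "$(name_hash -issuer_hash "$tmp/root.pem")" ]; then
        echo "error: $2 is not a root (its subject and issuer differ)" >&2; rc=2
    elif [ "$(name_hash -issuer_hash "$tmp/int.pem")" != \
           "$(name_hash -subject_hash "$tmp/root.pem")" ]; then
        echo "error: $1 was not issued by $2" >&2; rc=2
    else
        cat "$tmp/int.pem" "$tmp/root.pem" > "$3"
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample input: a throwaway root (PEM) and a certificate it issued
# (DER), valid for one day. No CA extensions are set, which is enough for the
# name checks above.
make_sample_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate" \
        -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -CAcreateserial -days 1 -outform DER -out "$1/int.der" 2>/dev/null
}
```

For example, `build_trust_chain intermediate.der root.pem chain.pem` produces chain.pem (hypothetical file names), which is the file to select in the Trust Chain File field.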