Installing trusted certificate for TLS authentication with Avaya Aura Session Manager

Last Updated : Jun 05, 2026 |

About this task

Configure the Avaya Aura® Session Manager and Experience Portal to communicate over TLS.

Before you begin

To configure TLS as the Proxy Transport for SIP signaling between Experience Portal, Avaya Aura® Session Manager , and Communication Manager, the following certificate management steps are required:

  • The CA certificate that signed the Experience Portal server’s identity certificate must be imported as a trusted certificate on Avaya Session Manager.

    • If the Experience Portal servers are using default identity certificates, then the EP Signing Certificate (Root) must be installed as a trusted certificate on Avaya Session Manager.

    • If the Experience Portal servers are using externally signed identity certificates, then the trusted certificate of the CA that signed the Experience Portal server’s identity certificate must be installed as a trusted certificate on Avaya Session Manager.

  • The CA certificate that signed the Avaya Session Manager’s identity certificate must be imported as a trusted certificate on Experience Portal.

The identity and trusted certificates establish a mutually authenticated secure connection with Avaya Session Manager.

Procedure

  1. If using Default identity certificates, do the following:
    1. Log on to the EPM web interface.
    2. On the EPM navigation pane, click Security > Certificates.
    3. On the EP Signing Certificate tab, click Export and follow the prompts accordingly.
    4. Log on to System Manager and add the Experience Portal trusted certificate to Avaya Session Manager.

      For information on how to add trusted certificates, see Administering Avaya Aura® Session Manager on http://support.avaya.com.

  2. If using Externally signed identity certificates, do the following:
    1. Acquire the public certificates of the external CA that signed the Experience Portal server’s identity certificate.
    2. Log on to System Manager and add the certificates as trusted certificates to Avaya Session Manager.

Next Steps

  1. Import the public certificate of the CA that signed the Avaya Session Manager’s identity certificate as a SIP Connection type Trusted Certificate on Experience Portal. This is done through the Experience Portal web interface on the Security > Certificates > Trusted Certificates page.

  2. Log on to the System Manager console and configure the ASM Entity Link for TLS on port 5061.

  3. Log on to EPM, configure a SIP connection for TLS on port 5061, and restart the MPP.