Avaya Contact Center – Extended Capacity uses the TLS protocol for client and server authentication and for secure connection and communication between contact center servers and components. For a secure TLS connection, the contact center requires identity and trusted CA certificates on all contact center components. The system administrator must import all certificates into the contact center truststore.

Each Routing Core Server and Configuration Server instance must have an identity certificate signed by the same CA to establish a connection between contact center servers within one data center and servers in different data centers for high availability. The administrator imports server identity certificates and the trusted CA certificate during the contact center deployment.

Application Enablement Services, Avaya Call Management System, and Session Border Controller connect to Avaya Contact Center – Extended Capacity over TLS and require identity certificates. If another CA signs these identity certificates, the system administrator must import the trusted CA certificate into the contact center truststore. For more information about certificate management for Application Enablement Services, Call Management System, and Session Border Controller, see the AE Services, Call Management System, and Session Border Controller documentation at https://support.avaya.com/.

The contact center uses the TLS protocol to secure transmission of SIP messages with contact center endpoints. To secure SIP signaling, the endpoints must have the identity and trusted CA certificates installed. If the endpoints use a different CA to sign the certificates, the administrator must import the trusted CA certificate into the contact center truststore. For more information about certificate management for endpoints, see the Avaya 9600 Series IP Deskphones, Avaya J100 Series IP Phones, and Avaya Agent for Desktop documentation at https://support.avaya.com/.