Configuring CRL download on the secondary System Manager server

Last Updated : Mar 24, 2023 |

Procedure

  1. Access the login page of the primary System Manager server.
  2. Copy the CRL of the browser certificate.

    For information about copying the CRL URL, see Copying the CRL URL.

  3. Replace the vFQDN in the CRL with the IP address of the primary System Manager server.
    For example, the CRL in the certificate is: 
    http://<vFQDN>/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=System%20Manager%20CA,OU=MGMT,O=AVAYA
    The new CRL for the certificate will be: 
    http://<ip-address>/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=System%20Manager%20CA,OU=MGMT,O=AVAYA

    Where, <vFQDN> and <ip-address> are the respective vFQDN and IP address.

    Note:

    If you installed a third-party certificate on System Manager servers, this step is not required. If third-party certificate, then configure CRL URL of the third-party certificate for CRL download.

  4. Log on to the secondary System Manager web console.
  5. On the System Manager web console, click Services > Security.
  6. In the navigation pane, click Configuration > CRL Download.
  7. On the CRL Download Configuration page, click Add.

    System Manager displays the Schedule CRL Download page.

  8. In Job Name, type the job name.
  9. In Job Frequency, set the frequency and recurrence to schedule the job within a few minutes after the CRL addition.
  10. Copy the new CRL URL from Notepad and paste the URL in the Configure CRL Distribution Point field.

    For information about copying the CRL URL, see Copying the CRL URL.

    CRL URL example:

    http://<ip-address>/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=System%20Manager%20CA,OU=MGMT,O=AVAYA
  11. Click Add, and then click Commit.

    Ensure that the job is completed successfully.

Next Steps

Add the trusted certificate of the primary server to the secondary System Manager server.