Use this procedure to create a new keystore certificate to enable Context Store replication from Data Center 1 to Data Center 2. This section provides a worked example of how to create a new identity certificate (keystore file) that contains the DC1 Avaya Oceana® Cluster 1 FQDN and the Management FQDNs of all the nodes, which are used to set up a secure SSL-encrypted link between Context Store in Data Center 1 and Data Center 2.
The certificate enforces SSL encryption on the replication channel. For more information on certificate-based authentication and the creation of the keystore certificate, see the Avaya Context Store Snap-in Developer Guide.
Important:
You must enable SSL encryption for Context Store replication from Data Center 1 to Data Center 2 to work.
There are multiple ways of generating identity certificates for Avaya Oceana® entities. This procedure describes a simple method for creating an identity certificate for Data Center 1 Avaya Oceana® Cluster 1 and its nodes.
The new identity certificate for Data Center 1 Avaya Oceana® Cluster 1 must include the following in the Subject Alternative Name (SAN) fields:
SAN DNS Name = DC1 Avaya Oceana® Cluster 1 FQDN
SAN DNS Name = Avaya Oceana® Cluster 1 Node 1 Management FQDN
SAN DNS Name = Avaya Oceana® Cluster 1 Node 2 Management FQDN
SAN DNS Name = Avaya Oceana® Cluster 1 Node 3 Management FQDN
Entities that access Avaya Breeze® platform through HTTPS must resolve the Common Name (CN) and SAN fields in the certificate with the FQDNs of the Avaya Breeze® platform node.
To resolve the certificate CN or SAN fields, you must enter the Management FQDN of each Avaya Breeze® platform node in your DNS server. You must also enter the DC1 Avaya Oceana® Cluster 1 FQDN in your DNS server.
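The following check is an added example, not part of the Avaya procedure: it parses the output of `openssl x509 -noout -ext subjectAltName` and reports which of the four required SAN DNS names are missing from the certificate, then which names do not resolve in DNS. The FQDNs, the sample output and the function names are constructed placeholders; substitute your own cluster and node Management FQDNs.

```python
import re
import socket

# Constructed sample: text printed by
#   openssl x509 -in cert.pem -noout -ext subjectAltName
# for a certificate that lacks the Node 3 Management FQDN.
SAMPLE_OPENSSL_OUTPUT = """\
X509v3 Subject Alternative Name:
    DNS:oceana-c1.dc1.example.com, DNS:oceana-c1-n1.dc1.example.com, DNS:OCEANA-C1-N2.dc1.example.com, IP Address:192.0.2.10
"""

# Hypothetical FQDNs standing in for the four names the procedure requires.
REQUIRED_SANS = [
    "oceana-c1.dc1.example.com",     # DC1 Cluster 1 FQDN
    "oceana-c1-n1.dc1.example.com",  # Node 1 Management FQDN
    "oceana-c1-n2.dc1.example.com",  # Node 2 Management FQDN
    "oceana-c1-n3.dc1.example.com",  # Node 3 Management FQDN
]


def _norm(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".")


def san_dns_names(openssl_text):
    """Return the set of normalised SAN DNS entries (IP entries are ignored)."""
    return {_norm(m) for m in re.findall(r"DNS:([^,\s]+)", openssl_text)}


def missing_sans(openssl_text, required):
    """List required names with no exact SAN DNS match (wildcards not expanded)."""
    present = san_dns_names(openssl_text)
    return [name for name in required if _norm(name) not in present]


def unresolved(names, resolve=socket.gethostbyname):
    """List names the DNS resolver cannot resolve; `resolve` is injectable."""
    failed = []
    for name in names:
        try:
            resolve(name)
        except OSError:  # socket.gaierror is a subclass of OSError
            failed.append(name)
    return failed


if __name__ == "__main__":
    print("Missing from SAN:", missing_sans(SAMPLE_OPENSSL_OUTPUT, REQUIRED_SANS))
    print("Not in DNS:", unresolved(REQUIRED_SANS))
```

Run the check against the certificate before importing the keystore; an empty list from both functions means every required name is in the SAN and has a DNS entry.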