Replace Avaya Breeze platform node identity certificates

Last Updated: Apr 24, 2025

Avaya Oceana® runs as applications within the Avaya Breeze® platform. For enhanced security, Avaya provides the ability to add or replace Trust and Identity Certificates. Identity Certificates are administered individually for Avaya clusters. Five default Identity Certificates are generated as part of the Avaya OVA deployment process. You can replace a default certificate with a certificate from a well-known Certificate Authority (CA).

The Security Module HTTPS certificate is visible to applications and endpoints. If you are using HTTPS with hostname validation checks, you must replace the default HTTPS certificate. There are many ways of generating Identity Certificates for Avaya Oceana®. This section describes one of the methods of creating an Identity Certificate for each Avaya Oceana® cluster. The Identity Certificate for each cluster must include the following in the Subject Alternative Name (SAN) fields:

  • Cluster FQDN

  • Management FQDN for each node in the cluster

  • SIP FQDN for each node in the cluster

The entities that access Avaya through HTTPS must resolve the Common Name (CN) and SAN fields in the certificate with the FQDNs of the Avaya node. To resolve the certificate CN or SAN fields, enter the Management FQDN and SIP FQDN of each Avaya node in your DNS server. Also enter the Cluster FQDNs in your DNS server. In a cluster with a single node, the cluster FQDN is the SIP FQDN of the one node in the cluster.
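The SAN layout described above can be generated and checked with a short script. This is an added example, not Avaya's tooling or the method this page refers to: it builds the SAN list for one cluster, renders an OpenSSL request configuration with CN set to the cluster FQDN, and reports names missing from an issued certificate. The hostnames are constructed placeholders, and the separate-subnet mode from the per-cluster notes treats each node's SIP FQDN as its Security FQDN, which is an assumption.

```python
# Added example; every hostname here is a constructed placeholder.

def _norm(name):
    # DNS names compare case-insensitively; drop any trailing root dot.
    return name.strip().lower().rstrip(".")

def _dedupe(names):
    out = []
    for n in map(_norm, names):
        if n and n not in out:
            out.append(n)
    return out

def san_lists(cluster_fqdn, nodes, split_subnets=False):
    """nodes: one (management_fqdn, sip_fqdn) pair per node.
    Returns one SAN list per certificate that has to be requested."""
    if split_subnets:
        # Separate subnets: one certificate per interface type.
        # Assumption: the SIP FQDN is the node's Security FQDN.
        return [_dedupe([cluster_fqdn] + [m for m, _ in nodes]),
                _dedupe([cluster_fqdn] + [s for _, s in nodes])]
    names = [cluster_fqdn]
    for mgmt, sip in nodes:
        names += [mgmt, sip]
    # In a single-node cluster the cluster FQDN equals the SIP FQDN,
    # so de-duplication leaves one entry for both.
    return [_dedupe(names)]

def openssl_req_config(cluster_fqdn, sans):
    """Render an OpenSSL request config with CN = cluster FQDN."""
    lines = ["[req]", "prompt = no", "distinguished_name = dn",
             "req_extensions = v3_req", "", "[dn]",
             f"CN = {_norm(cluster_fqdn)}", "", "[v3_req]",
             "subjectAltName = @alt_names", "", "[alt_names]"]
    lines += [f"DNS.{i} = {n}" for i, n in enumerate(sans, 1)]
    return "\n".join(lines) + "\n"

def missing_sans(required, issued):
    """Names from `required` that the issued certificate's SAN list lacks."""
    have = set(_dedupe(issued))
    return [n for n in _dedupe(required) if n not in have]

if __name__ == "__main__":
    cluster = "oc1.example.test"
    nodes = [(f"oc1n{i}-mgmt.example.test", f"oc1n{i}-sip.example.test")
             for i in (1, 2, 3)]
    for sans in san_lists(cluster, nodes):
        print(openssl_req_config(cluster, sans))
```

The rendered text can be saved to a file and passed to `openssl req -new -config`. After the CA returns the certificate, `missing_sans` compares the required names with the SAN entries it actually contains.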

Avaya Oceana® Cluster 1 – Identity Certificate Request

Note:

In customer production deployments, where the security and management interfaces are in separate subnets, there can only be 4 DNS entries for cluster 1: the cluster FQDN plus 3 Management FQDNs for 3 nodes. A second, separate certificate has 4 DNS entries for cluster 1: the cluster FQDN plus 3 Security FQDNs for 3 nodes.

The Avaya Oceana® Cluster 1 certificate includes the following:

  • CN Common Name = Avaya Oceana® Cluster 1 FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 1 Node 1 Management FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 1 Node 1 SIP FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 1 Node 2 Management FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 1 Node 2 SIP FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 1 Node 3 Management FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 1 Node 3 SIP FQDN

Avaya Oceana® Cluster 2 – Identity Certificate Request

Note:

In customer production deployments, where the security and management interfaces are in separate subnets, there can only be 3 DNS entries for cluster 2: the cluster FQDN plus 2 Management FQDNs for 2 nodes. A second, separate certificate also has 3 DNS entries for cluster 2: the cluster FQDN plus 2 Security FQDNs for 3 nodes.

The Avaya Oceana® Cluster 2 certificate includes the following:

  • CN Common Name = Avaya Oceana® Cluster 2 FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 2 Node 1 Management FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 2 Node 1 SIP FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 2 Node 2 Management FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 2 Node 2 SIP FQDN

Avaya Oceana® Cluster 3 – Identity Certificate Request

Note:

In customer production deployments, where the security and management interfaces are in separate subnets, there can only be 3 DNS entries for cluster 3: the cluster FQDN plus 2 Management FQDNs for 2 nodes. A second, separate certificate also has 3 DNS entries for cluster 3: the cluster FQDN plus 2 Security FQDNs for 3 nodes.

The Avaya Oceana® Cluster 3 certificate includes the following:

  • CN Common Name = Avaya Oceana® Cluster 3 FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 3 Node 1 Management FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 3 Node 1 SIP FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 3 Node 2 Management FQDN

  • SAN DNS Name = Avaya Oceana® Cluster 3 Node 2 SIP FQDN