Certificate Authority (CA)

Last Updated : Dec 10, 2020 |

A Certificate Authority (CA) is a trusted entity that issues digital certificates and public-private key pairs. A CA verifies the identity of an individual or organization before issuing a digital certificate. A CA can be an external (public) or internal (private) entity configured inside an enterprise network. A Certificate Authority is a critical security service in a network.

Every Avaya Oceana® deployment has an Avaya Aura® System Manager deployed, and one of its functions is that of a CA. You can use System Manager's CA to secure the communications between the Avaya Aura® components, Avaya Oceana®, Avaya Breeze® platform, Avaya Analytics™ components, and all the other surrounding components in the solution.

Customers can implement a solution with their own Enterprise CA, either replacing System Manager as the CA or using it as a sub CA. Before attempting to make certificate changes in the deployed solution, you must have a solution level view to understand which network elements are affected. This requires planning and network audits before deploying new certificates.

A certificate change goes through the following four stages:

  • Assessment: Identify and scope the migration work for your network.

  • Planning: Plan and schedule the migration tasks.

  • Migration: The actual migration which includes software upgrades, Trust Certificates deployment, and Identity Certificate deployment.

  • Post-migration: Ongoing audits to avoid certificate expiration.

For public or private CA, the procedures for enabling security and applying the required certificates are almost identical. If you are using a third-party public CA, a third-party vendor certificates require time to be made available and the customer to work with the third-party to obtain the certificates after the correct information about their system is provided. When using third-party CA, configure client authentication and server authentication on the CA for Avaya Analytics™ configuration to work.

Using System Manager as a Root CA means the end customer can perform the certificate creation process themselves. For more details on System Manager as a CA, see the Avaya Aura® System Manager documentation suite.