For an HA pair, the certificate and key are uploaded to the primary device and synchronized to the secondary device. However, if you add a new certificate and key on the EMS, you must manually click Synchronize to HA Peer to so that the certificate and keys are synchronized onto the secondary device.
Procedure
Log in to the EMS web interface with administrator credentials.
From the Device menu, click the SBC name to administer.
Navigate to TLS Management > Certificate.
Click Generate CSR.
Enter appropriate information in the Generate CSR screen, and click Generate CSR.
If you have any other method available, you need not generate CSR using the Avaya SBC EMS web interface.
Use the following settings if you want to generate CSR using alternate methods:
Certificate: keyUsage = keyEncipherment
Private Key: SHA256 with 2048–bit size
These settings are generated automatically when you generate CSR using the Avaya SBC EMS web interface.
If you generate CSR using the Avaya SBC EMS web interface, download the CSR to your computer.
Send the CSR to the Certificate Authority (CA) for signing.
The CA signs the CSR by using the methods that are acceptable at the site.
Next Steps
Upload the signed X.509 certificate, the key file, and the trust chain, if necessary, to the EMS through the EMS GUI.
