TLS certificates field descriptions

Last Updated: Dec 06, 2024

Certificates tab

Name

Description

Installed Certificates

A Certificate Authority (CA) signed certificate or a self-signed certificate. This certificate is incorporated into a server certificate profile and sent to clients to set up a TLS connection.

Note:

All certificates, certificate authorities, and certificate revocation lists uploaded to the EMS must be valid X.509 certificates in the PEM format. Certificates not in this format can be converted using a suitable SSL tool, such as the publicly available OpenSSL tool. You can access this tool from:

https://www.openssl.org/

Installed CA Certificates

The unsigned public key certificates from a Certificate Authority (CA), which vouch for the correctness of the data contained in a certificate and verify the signature of the certificate.

Installed Certificate Revocation Lists

The Certificate Revocation Lists (CRLs) that contain the serial numbers of CSRs that have been revoked, or are no longer valid, and should not be relied upon by any system subscriber.

Installed Certificate Signing Requests

The installed certificate signing requests on the system.

Installed Keys

The installed keys for third party certificates.

Install Certificate

Name

Description

Type

The type of certificate that you want to install. The options are:

  • Certificate

  • CA Certificate

  • Certificate Revocation List

Name

The name of the certificate that you want to install.

This field is optional. If it is not specified, the filename of the uploaded certificate is used as the certificate name. Additionally, specifying the same name as another certificate overwrites the existing certificate with the one being uploaded.

Overwrite Existing

An option to control whether uploading a certificate with the same name is permitted.

If this field is cleared, uploading a certificate with the same name as another certificate causes failure. If this field is selected, uploading a certificate with the same name overwrites the existing certificate.

Allow Weak Certificate/Key

An option to permit the use of weak private keys. This option bypasses the check that requires strong private keys. By default, private keys with a key size less than 2048 bits, signed with a SHA-1 or MD5 based hash, or with no key usage extension or extended key usage extension, are rejected.

Certificate File

The location of the certificate on your system. Depending on your browser, click Browse or Choose file to browse for the file.

If the third party CA provides separate Root CA and Intermediate certificates, you must combine both files into a single certificate file for Avaya SBC. To combine the files, add the contents of each certificate file one after the other, with the root certificate at the end.

Trust Chain File

The trust chain file used to verify the authenticity of the certificate. Depending on the browser, click Browse or Choose File to locate the file.

Key

The private key that you want to use. You can opt to use the existing key from the filesystem or select a file containing another key.

Key File

This field is available when you select Upload Key File in the Key field. Depending on the browser, click Browse or Choose File to locate the file.

Key Passphrase

This field is available when you select Upload Key File in the Key field. A key passphrase is used to protect the key file while installing certificates.

In the Key Passphrase field, you must use the same passphrase that you created while creating the third party certificate.

For successful encryption of the key, Avaya recommends not to use the dollar sign ($) in Key Passphrase.
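The default checks described under Allow Weak Certificate/Key can be run against a certificate before it is uploaded. The following shell functions are an added example, not Avaya code: they inspect the text dump printed by `openssl x509 -noout -text`, assume an RSA key, report a missing key usage or extended key usage extension as separate findings, and use a constructed sample dump; all function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical names). Assumes an RSA key and OpenSSL's text layout.

# Constructed sample: abridged `openssl x509 -noout -text` output for a weak cert.
SAMPLE_WEAK_DUMP='Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
    Signature Algorithm: sha1WithRSAEncryption'

# weak_findings: read a text dump on stdin, print one line per failed check.
weak_findings() {
    wf_dump=$(cat)
    wf_bits=$(printf '%s\n' "$wf_dump" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$wf_bits" ]; then
        echo "key size not found"
    elif [ "$wf_bits" -lt 2048 ]; then
        echo "key size $wf_bits bits is below 2048"
    fi
    # The first "Signature Algorithm" line names the hash that signed the cert.
    wf_sig=$(printf '%s\n' "$wf_dump" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case "$wf_sig" in
        *[Ss][Hh][Aa]1*|*[Mm][Dd]5*) echo "signature uses weak hash: $wf_sig" ;;
    esac
    printf '%s\n' "$wf_dump" | grep -q 'X509v3 Key Usage' ||
        echo "no key usage extension"
    printf '%s\n' "$wf_dump" | grep -q 'X509v3 Extended Key Usage' ||
        echo "no extended key usage extension"
}

# check_cert FILE: 0 = no findings, 1 = findings printed, 2 = not a PEM certificate.
check_cert() {
    cc_dump=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "$1: not a PEM X.509 certificate"; return 2; }
    cc_out=$(printf '%s\n' "$cc_dump" | weak_findings)
    [ -z "$cc_out" ] && return 0
    printf '%s\n' "$cc_out"
    return 1
}

printf '%s\n' "$SAMPLE_WEAK_DUMP" | weak_findings   # demo on the constructed sample
```

A certificate that produces findings here would need Allow Weak Certificate/Key selected; reissuing it with a stronger key, hash, and the missing extensions avoids bypassing the check.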

Generate CSR

Name

Description

Country Name

The name of the country within which the certificate is being created.

State/Province Name

The state/province where the certificate is being created.

Locality Name

The locality (city) where the certificate is being created.

Organization Name

The name of the company or organization creating the certificate.

Organizational Unit

The group within the company or organization creating the certificate.

Common Name

The name used to refer to or identify the company or group creating the certificate.

It is recommended not to use the wildcard (*) character in this field.

Algorithm

The hash algorithm (SHA256) to be used with the RSA signature algorithm.

Key Size (Modulus Length)

The certificate key length (2048 or 3072) in bits.

Key Usage Extension(s)

The purpose for which the public key might be used: Key Encipherment, Non-Repudiation, Digital Signature.

The Digital Signature and Key Encipherment options are selected by default.

Subject Alt Name

An optional text field to further identify the certificate.

You can provide multiple comma-separated entries in this field. You can make a maximum of 10 Subject Alt Name entries.

Avaya SBC supports DNS hostname, IP address and SIP domain name as valid entries for Subject Alt Name field. Avaya SBC does not support SIP URI as a valid value for the Subject Alt Name field.

Though the wildcard (*) character is supported in this field, it is recommended not to use this character.

Example of supported format:

DNS:.test.com

Examples of unsupported formats:

DNS:*

DNS:*.com

Passphrase

The password to encrypt the private key.

Confirm Passphrase

A verification field for the Passphrase.

Contact Name

The name of the point-of-contact within the issuing organization for issues related to the certificate.

Contact E-mail

The contact's e-mail address.
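The Subject Alt Name rules above (comma-separated entries, a maximum of 10, no SIP URIs, and the unsupported wildcard forms) can be checked before the value is typed into the form. The following shell function is an added example, not Avaya code: the name `san_lint` is hypothetical, it assumes OpenSSL-style `DNS:` and `IP:` prefixes, and it generalizes the page's `DNS:*.com` case to any wildcard followed by a single label.

```shell
#!/bin/sh
# Added example (hypothetical helper). Assumes OpenSSL-style "DNS:" / "IP:" prefixes.

# san_lint "ENTRY, ENTRY, ...": print one finding per line.
# Returns 1 if any entry is unsupported or there are more than 10, else 0.
san_lint() {
    sl_rc=0
    sl_count=0
    while IFS= read -r sl_raw; do
        # Trim surrounding whitespace; skip empty fields from stray commas.
        sl_entry=$(printf '%s' "$sl_raw" |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$sl_entry" ] || continue
        sl_count=$((sl_count + 1))
        case "$sl_entry" in
            *[Ss][Ii][Pp]:*|*[Ss][Ii][Pp][Ss]:*)
                echo "unsupported, SIP URI: $sl_entry"; sl_rc=1 ;;
            DNS:\*)
                echo "unsupported, bare wildcard: $sl_entry"; sl_rc=1 ;;
            DNS:\*.*)
                # "*.com" style: only one label follows the wildcard.
                case ${sl_entry#DNS:\*.} in
                    *.*) echo "not recommended, wildcard: $sl_entry" ;;
                    *)   echo "unsupported, wildcard over a top-level domain: $sl_entry"
                         sl_rc=1 ;;
                esac ;;
            DNS:?*|IP:?*) ;;
            *)  echo "unrecognised entry: $sl_entry"; sl_rc=1 ;;
        esac
    done <<EOF
$(printf '%s\n' "$1" | tr ',' '\n')
EOF
    if [ "$sl_count" -gt 10 ]; then
        echo "too many entries: $sl_count (maximum is 10)"; sl_rc=1
    fi
    return "$sl_rc"
}

# Demo on constructed input: one accepted entry, one discouraged, one unsupported.
san_lint 'DNS:sbc.example.com, DNS:*.example.com, DNS:*.com' || true
```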