Use this procedure to change the TLS certificate presented to the user when logging in to the EMS and SBC management GUI. This task applies to both the management GUI on EMS as well as the management interface on the SBC servers.
Note:
You do not have to encrypt any certificates installed through EMS.
Set up the certificate with the following parameters:
Either the primary management IP or a DNS name that points to the EMS management IP must be administered.
Both the Common Name and the Subject Alt Name must have the same name administered.
Before you begin
Ensure that you have an X.509 certificate signed by a trusted CA. This certificate must have the primary management IP of the EMS set as the Common Name or Subject Alt name.
RSA private keys must be equal to or greater than 2048-bit. Avaya SBC supports certificates with 2048-bit or 4096-bit keys.
Procedure
Copy the PEM-encoded certificate and associated private key to the EMS server.
Navigate to the directory where you saved the copy of the certificate and private key.
Login with root credentials and type install-nginx-certificate path-to-certificate-filepath-to-key-file.
Here, path-to-certificate-file is the path where the certificate file is uploaded, and path-to-key-file is the path where the RSA private key is uploaded.
If any errors occur, resolve the issues by following the instructions in the error message.
If the EMS becomes inaccessible, use the ipcs-options command to regenerate a new self-signed certificate for EMS.
