Management, Postgres, Syslog, and SPIRIT identity certificates attributes

Last Updated : Aug 21, 2020 |

Generate the Management, Postgres, Syslog or the SPIRIT identity certificates or all with the following X509v3 extensions and attributes:

Attributes	Value	Required
Subject	`CN={session-manager-fqdn}`	Required
Validity	`validity period`	Required
Authority Key Identifier	`hash`	Required
Subject Key Identifier	`hash`	Recommended
Key Usage	`digitalSignature` `nonrepudiation` `keyEncipherment` `dataEncipherment` `keyAgreement`	Required Required Required Required Required
Extended Key Usage	`id-kp-serverAuth = 1.3.6.1.5.5.7.3.3.1` `id-kp-clientAuth = 1.3.6.1.5.5.7.3.3.2`	Required Required
Authority Information Access	`OCSP - URI:http://{ocsp-server}{:ocsp-port}{/ocsp-path}`	Optional
CRL Distribution Points	`URI:http://{crl-server}{:crl-port}{/crl-path}` `URI:ldap://{crl-server}{:crl-port}{/crl-dn}`	Recommended Recommended

Authority Key Identifiers are required elements in end entity certificates to accurately establish the trust chain. The URLs and DNs used to identify the location of CRLs in LDAP directories are complex. Therefore, entities configuring or consuming them must handle characters as defined by the LDAP URI specification in RFC 4516.

Send Feedback

AVAYA DOCUMENTATION CENTER

No results found

AVAYA DOCUMENTATION CENTER

No results found

Administering Avaya Aura® Session Manager

Management, Postgres, Syslog, and SPIRIT identity certificates attributes