Loading and managing site certificate

Last Updated : Aug 08, 2023 |

About this task

Site certificates are used by the onsite technicians not having access to the Avaya network to generate a response to the Enhanced Access Security Gateway (EASG) challenge. The technician will generate and provide the site certificate to the customer. The customer must load this site certificate on each server (AVP Host) and virtual machine that the technician needs to access. Once this is done the technician can use EASG Site Manager to login with the EASG challenge. After the technician is done the customer can remove the site certificate from the server or they will be removed by the EASG software after the site certificate expires (~15 days later).

You can load a site certificate using EASGSiteCertManage --add <pkcs7_file_path> . You will need to specify a Site Authentication Factor (SAF). The SAF must be provided to the technician and is also used by EASG Site Manager to generate a response to the EASG challenge.

Before you begin

Customers must complete the following before loading and managing site certificates:

  • Have a valid login and password.

  • Use a tool such as WinSCP. Log in using a customer login, for example cust. Copy the certificate to  /home/cust directory (where cust is the customer directory).

  • Use a 10 to 20 character Site Authentication Factor (SAF) for instance 12345abcwxyz.

  • Be familiar with CLI type shell commands.

Procedure

  1. Log in to a Linux® shell by using the customer account.

    The customer account is created during the deployment procedure.

  2. To manage site certificates, type the following command: 
    [cust@host ~]$  EASGSiteCertManage --add johndoe.p7b 
You are about to install this site certificate into your trusted repository:
Technician Name: johndoe
Expiration Date: Nov 10 17:02:15 2016 GMT
Do you want to continue [yes/no]? yes
Please enter a site authentication factor (SAF) for the technician to use when getting access to your machine. The SAF is alphanumeric with at least 10 characters and no more than 20 characters.
  Please enter your SAF:  Site Authentication Factor
  Please confirm your SAF: Site Authentication Factor
Site Certificate installed successfully.

    Save the Site Authentication Factor to share with the technician once on site.

  3. To display information about a site certificate, type the following command with the name of a valid site certificate: 
    [cust@host ~]$ EASGSiteCertManage --show johndoe.p7b
Subject:        CN=Avaya Technician johndoe, OU=EASG, O=Avaya LLC 
User Name:      johndoe 
Expiration:     Nov 10 17:02:15 2016 GMT 
Trust Chain:
    1. O=Avaya, OU=IT, CN=AvayaITrootCA2
    2. DC=com, DC=avaya, DC=global, CN=AvayaITserverCA2
    3. O=Avaya LLC, OU=EASG, CN=EASG Intermediate CA
    4. CN=Site EASG Intermediate CA, OU=EASG, O=Avaya LLC
    5. CN=Avaya Technician johndoe, OU=EASG, O=Avaya LLC
  4. To remove a site certificate, type the following command with the name of a valid site certificate: 
    [cust@host ~]$ EASGSiteCertManage --delete johndoe.p7b
Successfully removed Site Cert: johndoe.p7b