Certificate renewal command overview

Last Updated: May 17, 2022

From System Manager Release 10.1.0.1 onwards, you can use the newly added command to renew the System Manager Identity (Server) certificates. The System Manager Certificate Authority (CA), the System Manager subordinate CA (SubCA), or a third-party CA (EJBCA) can sign the System Manager Identity certificates.

Run the certificate renewal command to issue new System Manager CA issued Identity certificates for all System Manager services. The new certificates are valid for 730 days, or from the time the command runs until the System Manager CA expiry date, whichever is shorter.

You must run the command with the -FORCE argument in any of the following scenarios:
  • If the System Manager services are secured using the third-party CA issued Identity certificates.

  • If there is a problem with the System Manager certificates causing the System Manager web console to be down.

If you run the certificate renewal command with the -FORCE argument, the command replaces both the third-party CA issued certificates and the System Manager issued certificates with System Manager CA issued certificates.

Use the certificate renewal command only if certificate management is not possible through Services > Inventory > Manage Elements on the primary System Manager. The best practice is to perform all the certificate management operations from the System Manager web console.

In System Manager configured with Geographic Redundancy, if the primary and secondary System Manager certificates expire, you must first renew the certificates on the primary System Manager. Before you renew the certificates on the secondary System Manager, ensure that the primary System Manager web console is up and running and you can log in. If there are expired certificates on the secondary System Manager, you cannot issue the secondary System Manager certificates from the primary System Manager web console.

You can find the certificate renewal command logs in the /var/log/Avaya/ folder.

Important:

If your System Manager Certificate Authority expires, the command does not work. If the System Manager Certificate Authority expires or is nearing expiry, see the procedure in PSN005555u on the Avaya Support site.

You can run the certificate renewal command with the -FORCE argument or without any arguments.
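The following pre-flight check is an added example, not Avaya code: it applies the validity rule, the two -FORCE scenarios and the CA expiry note above to a CA expiry date read from `openssl x509 -noout -enddate` output. The function names, the 90-day "nearing expiry" window and the sample lines are assumptions made for illustration, and whether the certificates are third-party issued or the console is down is supplied by the operator.

```python
from datetime import datetime, timedelta, timezone

MAX_VALIDITY = timedelta(days=730)   # validity limit stated on the page
CA_WARN = timedelta(days=90)         # assumption: the page gives no figure for "nearing expiry"

def parse_enddate(line):
    """Parse a line printed by `openssl x509 -noout -enddate` into a UTC datetime."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter":
        raise ValueError(f"not an -enddate line: {line!r}")
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y %Z")
    return parsed.replace(tzinfo=timezone.utc)

def plan_renewal(ca_enddate_line, third_party_issued, console_down, now):
    """Return what the page's rules imply for a renewal run at time `now`."""
    ca_expiry = parse_enddate(ca_enddate_line)
    if ca_expiry <= now:
        # An expired System Manager CA means the command does not work.
        return {"runnable": False, "force": None, "new_not_after": None,
                "note": "CA expired: follow PSN005555u"}
    new_not_after = min(now + MAX_VALIDITY, ca_expiry)
    if ca_expiry - now <= CA_WARN:
        note = "CA nearing expiry: see PSN005555u"
    elif new_not_after == ca_expiry:
        note = "validity capped by CA expiry"
    else:
        note = "full 730-day validity"
    return {"runnable": True,
            "force": third_party_issued or console_down,  # the two -FORCE scenarios
            "new_not_after": new_not_after, "note": note}

if __name__ == "__main__":
    now = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed run time
    cases = [  # constructed openssl output lines and operator answers
        ("notAfter=Mar  5 08:30:00 2031 GMT", True, False),
        ("notAfter=Jun 30 23:59:59 2025 GMT", False, False),
        ("notAfter=Feb  1 00:00:00 2024 GMT", False, True),
        ("notAfter=Dec 31 23:59:59 2023 GMT", False, False),
    ]
    for line, third_party, down in cases:
        print(line, "->", plan_renewal(line, third_party, down, now))
```

A result with "force" set to True also means that any third-party CA issued Identity certificates are replaced, so plan to reissue them afterwards if they are still required.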