Print

Requesting and installing the server certificate

About this task

The server certificate you are installing is based on the Windows 2008 Enterprise CA server certificate template you created when you completed the procedure Creating Version 3 (Windows Server 2008) Certificate Templates for Server Certificates)

Follow these steps to request and install the server certificate on the Avaya Application Enablement Services Server.

Procedure

  1. On the Microsoft OCS server, start your Web browser, and log in to the Avaya Application Enablement Services Management Console.
  2. From the main menu of the AE Services management console, select Security > Certificate Management > Server Certificates.
  3. From the Server Certificates page, click Add.
  4. Follow these steps to complete the Add Server Certificate page.
    1. In the Certificate Alias field, select a certificate alias (for example aeservices).
    2. In the Password field enter an arbitrary password.
    3. In the Re-enter Password field, type the password again.
    4. In the Distinguished Name field, type the distinguished name attributes for your AE Services Server, as follows:CN=AE_Server_FQDN,OU=Department,O=Company,L=City,S=State,C=Country/Region

      For example:CN=msavaes1.sitlms.net,OU=SITL,O=Avaya,L=Lincroft,S=New Jersey,C=US

    5. Leave the other fields at the defaults, and click Apply.
  5. From the main menu of the AE Services management console, select Security > Certificate Management > Server Certificates > Pending Requests.
  6. From the Pending Server Certificates Request page, select the certificate, and click Manual Enroll.
  7. On the Server Certificate Manual Enrollment Request page, copy the entire contents of the Certificate Request PEM text box, and paste it into a text file, for example goblin1.txt
  8. On Windows 2008 Enterprise CA server, click Start > Run.
  9. In the Run dialog box, type cmd and click OK
  10. At the command prompt, type the following command:certreq -attrib CertificateTemplate:<template name>
  11. Press Enter.
  12. From the Open Request File window, select the file you created previously, for example, goblin1.

    The system displays the Select Certification Authority window that lets you select the CA that will issue the certificate.

  13. Select the issuing CA, for example dmccdev4, and click OK.

    The system displays the Save Certificate window.

  14. In the Save Certificate window, type the file name, for example goblin1.cer, and click Save to save the file to your local machine.
  15. From the main menu of the Avaya AE Services Management Console, click Security > Certificate Management > Server Certificate > Pending Requests.
  16. From the Pending Requests Certificate Requests page, select the alias for the certificate request created for aeservices and click Manual Enroll.
  17. From the Server Certificate Manual Enrollment Request page, click on Import.

    Your browser displays the Server Certificate Import page.

  18. Complete the Server Certificate Import page as follows:
    1. In the Certificate Alias field select the same Certificate Alias, aeservices (For default this step can be skipped).
    2. Ensure that the Establish Chain of Trust checkbox is checked.
    3. Load the saved file; for example, goblin1.cer.
    4. Click Apply.

      If the import is successful, your browser redisplays the Server Certificate Import page with following message: Certificate imported successfully

    Figure 1. Certificates in a load-balancing scenario
    Certificatesinaload-balancingscenario