With System Manager Solution Deployment Manager and Solution Deployment Manager client, you can establish a certificate-based TLS connection between the Solution Deployment Manager service and a host that is running Avaya Aura® 7.x applications. This provides secure communications between System Manager Solution Deployment Manager or the Solution Deployment Manager client and Appliance Virtualization Platform or ESXi hosts or vCenter.
The certificate-based sessions apply to the Avaya Aura® Virtualized Appliance offer using host self-signed certificates and the customer-provided Virtualization Environment using host self-signed or third-party certificates.
You can check the following with certificate-based TLS sessions:
Certificate valid dates
Origin of Certificate Authority
Chain of Trust
CRL or OCSP state
Note: Only System Manager Release 7.1 and later supports OCSP. Other elements of Avaya Aura® Suite do not support OCSP.
Log Certificate Validation Events
Solution Deployment Manager checks the certificate status of hosts. If the certificate is incorrect, Solution Deployment Manager does not connect to the host.
For the correct certificate:
The fully qualified domain name or IP address of the host to which you are connecting must match the value in the certificate SAN or the certificate Common Name, and the certificate must be within its validity dates.
Appliance Virtualization Platform and VMware ESXi hosts do not automatically regenerate their certificates when host details such as the IP address, hostname, or domain change. As a result, the certificate might become incorrect for the host.
If the certificate is incorrect:
For the Appliance Virtualization Platform host, Solution Deployment Manager regenerates the certificate on the host and then uses the corrected certificate for the connection.
For the VMware ESXi host or vCenter, the system denies connection. The customer must update or correct the certificate on the host or vCenter.
For more information about updating the certificate, see "Updating the certificate on the ESXi host from VMware".
Note:
Solution Deployment Manager:
With Solution Deployment Manager, you can accept a certificate only while adding vCenter. If the certificate changes, the system warns that the certificate does not match the certificate in the trust store on Solution Deployment Manager. You must get a new certificate, accept the certificate as valid, and save the certificate on the system.
To validate certificates, you can open the web page of the host. The system displays the existing certificate and you can match the details.
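The name and validity-date conditions for a correct certificate described above can be expressed as a small check. This is an added example, not Avaya code: it assumes the certificate is available as a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, the host names, addresses and dates are constructed samples, and it does not cover chain of trust or CRL/OCSP state.

```python
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "avp01.example.test"),),),
    "subjectAltName": (("DNS", "avp01.example.test"), ("IP Address", "192.0.2.10")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")  # fixed clock for the demo


def cert_names(cert):
    """Collect the DNS and IP SAN values and every subject Common Name."""
    san = {value.strip().lower()
           for kind, value in cert.get("subjectAltName", ())
           if kind in ("DNS", "IP Address")}
    cns = {value.lower() for rdn in cert.get("subject", ())
           for key, value in rdn if key == "commonName"}
    return san | cns


def check_host_cert(cert, host, now):
    """Return the reasons the certificate is incorrect for host; empty list means OK."""
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # Exact match only: wildcard names are deliberately not handled here.
    if host.strip().lower() not in cert_names(cert):
        problems.append("name mismatch")
    return problems


if __name__ == "__main__":
    # Host reached by FQDN, by its original IP, and after its IP was changed
    # without the certificate being regenerated.
    for host in ("avp01.example.test", "192.0.2.10", "192.0.2.20"):
        print(host, check_host_cert(SAMPLE_CERT, host, NOW) or "OK")
```

The third host shows the case the text warns about: the address changed, the certificate was not regenerated, and the name check fails even though the dates are still valid.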