User's Manual

Avaya Branch Gateway Manager 10.0 Page 81

15-601011 Issue 29r (Friday, November 02, 2012)B5800 Branch Gateway

Security Mode: Editing Security Settings

3.5.2.3 Certificates

Services between the system and applications may, depending on the settings of the service being used for the

connection, require the exchange of security certificates. The system can either generate its own certificate or certificates

provided from a trusted source can be loaded.

· ! WARNING

The process of 'on-boarding' (refer to the Avaya Branch Gateway Installation manual and the IP Office SSL

VPN Solutions Guide) automatically adds a certificate for the SSL VPN to the system's security settings when

the on-boarding file is uploaded to the system. Care should be taken not to delete such certificates except

when advised to by Avaya.

· Identity Certificate: Default = None.

The Identity Certificate is an X.509v3 certificate that identifies the system to a connecting client device (usually a PC

running a application). This certificate is offered in the TLS exchange when the system is acting as a TLS server, which

occurs when accessing a secured service. By default the system's own self-generated certificate is used (see notes

below), but Set can be used to replace this with another certificate.

· The certificate may be generated by the system itself, and can take up to 5 minutes to generate. This occurs

when any of the Service Security Level is set to a value other than Unsecure Only. During this time, normal

system operation is suspended.

· Set

Set the current certificate and associated private key. The certificate and key must be a matching pair. The

source may be:

· Current User Certificate Store.

· Local Machine Certificate Store.

· File in PKCS#12 (.pfx), DER (.cer), or password protected DER (.cer) format.