Generate a new Self-Signed SSL certificate for Management Center

book

Article ID: 170982

calendar_today

Updated On:

Products

Management Center

Issue/Introduction

Management Center's SSL certificate has expired

After upgrade, Management Center no longer has an SSL certificate


 

Resolution

Management Center 1.11.x:

You can simply run a command at the enable prompt to generate a new self-signed certificate.

# security generate-ssl-certificate

 
Management Center 2.x and above:

To generate a new self-signed certificate using Management Center's default key:

From the CLI, enter enable mode, and then configuration mode (command: configure)

Go into SSL mode (command:  ssl)

Delete the existing default certificate if one exists (command: delete certificate default)

Create the new certificate:

Command: create certificate default

The subject of the certificate must contain the serial number as the "organizational unit" or OU.  For statistic monitoring of managed devices to correctly work, the "common name" or "CN" should be configured as Management Center's IP address

example:

ManagementCenter (config-ssl):  create certificate default

Value for 'subject' (): CN=192.168.1.100,OU=123456789,O=Management Center

When you hit enter, you will receive a reply of "ok".  Once you get this, restart Management Center