Generate a new Self-Signed SSL certificate for Management Center


Article ID: 170982


Updated On:


Management Center


Management Center's SSL certificate has expired

After upgrade, Management Center no longer has an SSL certificate



Management Center 1.11.x:

You can simply run a command at the enable prompt to generate a new self-signed certificate.

# security generate-ssl-certificate

Management Center 2.x and above:

To generate a new self-signed certificate using Management Center's default key:

From the CLI, enter enable mode, and then configuration mode (command: configure)

Go into SSL mode (command:  ssl)

Delete the existing default certificate if one exists (command: delete certificate default)

Create the new certificate:

Command: create certificate default

The subject of the certificate must contain the serial number as the "organizational unit" or OU.  For statistic monitoring of managed devices to correctly work, the "common name" or "CN" should be configured as Management Center's IP address


ManagementCenter (config-ssl):  create certificate default

Value for 'subject' (): CN=,OU=123456789,O=Management Center

When you hit enter, you will receive a reply of "ok".  Once you get this, restart Management Center