Creating a Certificate Signing Request (CSR) and importing signed certificate in Management Center 2.x
search cancel

Creating a Certificate Signing Request (CSR) and importing signed certificate in Management Center 2.x


Article ID: 171802


Updated On:


Management Center


Management Center introduces the ability to create a certificate signing request via the CLI


A CSR can be generated from the Management Center CLI.  The CSR *MUST* use the default keyring.

SSH to Management Center and login

Enter enable mode (command: enable), and then enter configure terminal mode (command: configure terminal)
Create the certificate signing request.
You *MUST* use the default keyring to create the certificate signing request.  Be sure you know the CSR subject info.  The common name must be the IP address or FQDN of your Management Center appliance.

ssl create signing-request default subject C=US,ST=CA,O=Symantec,CN=MgtCtr01

Steps on CLI:


login as: admin
admin@MgtCtr01's password:

admin connected from using ssh on MgtCtr01
MgtCtr01> en
MgtCtr01# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
MgtCtr01(config)# ssl create keyring sslkey algorithm rsa length 3072 showable yes
MgtCtr01(config)# ssl
MgtCtr01(config-ssl)# create signing-request ?
Description: Available keyrings
Possible completions:
  bluecoat-appliance  default  default_ca  sslkey
MgtCtr01(config-ssl)# create signing-request default ?
Possible completions:
  subject   Certificate subject (e.g."C=US,ST=CA,O=Symantec,CN=example")

MgtCtr01(config-ssl)# create signing-request sslkey
Value for 'subject' (): "C=US,ST=TON,O=Symantec,CN=Test"


View the CSR for export.

Now that the CSR has been created, you can view and copy it from the CLI.  

ssl view signing-request default
You will now see the signing request.  

Installing the certificate.

Since this is going to be the certificate for the Management Center console, it will need to be imported into the default slot.  Use this command from "configure terminal mode" to import the signed certificate:

ssl inline certificate default

You should now be able to paste the certificate into Management Center.

Restart the Management Center services:

system-services restart-management-center