Management Center (MC) uses the self-signed certificate on the management web interface by default. MC version 2.x and above supports creating keyring (private key), signing-request and importing signed certificate. It also support importing private key and signed certificate created offbox.
Note: commands presented on this article is applicable on 2.x and 3.x.
With self-signed certificate the customer gets the browser error complaining about the untrusted certificate
Same procedure applies Reporter versions 10.6 and Reporter 11
All browsers come with a certificate trust store that has all public root Certificate Authorities (CA). Since Management Center default certificate is self-signed the customer can eliminate the browser untrusted certificate issue by using a certificate signed by their trusted CA.
Note: Suggest to create temporary keyring such as "sslkey" or any name you prefer. Once you understood the overall process of given steps below, you can easily overwrite the keyring and certificate named "default"
Creating keyring, signing-request and importing signed certificate 1 . On this example, we will use a temporary keyring named "sslkey".
$openssl rsa -noout -modulus -in sslkey7.key | openssl md5
$openssl x509 -noout -modulus -in sslkey7.pem | openssl md5
$grep BEGIN sslkey7.key sslkey7.pem
sslkey7.key:-----BEGIN PRIVATE KEY-----
- To include other attributes to the CSR fields, please refer to the below, as a guide.
MgmtCtr(config-ssl)# ssl create signing-request sslkey subject "C=US,ST=CA,OU=IT,L=New York,O=Example Company,CN=managementcenter.local,[email protected]" alternative-names 10.0.0.1