Creating a new self-signed certificate for Management Center
search cancel

Creating a new self-signed certificate for Management Center

book

Article ID: 248970

calendar_today

Updated On:

Products

Management Center Management Center - VA

Issue/Introduction

There maybe instances where administrator wanted to replace default certificate presented by Management-Center to manage devices or UI (8082). 

This article discuss creating a self-signed certificate in management center. 

If intent is to create/import a Management Center certificate signed by your internal PKI, refer to article 184735

Environment

Management Center running 3.x and later

Component: Certificate.

Resolution

Regenerate a new self signed certificate

mc14# ssl regenerate certificate default subject C=US,ST=CA,O=Symantec,CN=mc14.example.com alternative-names 192.168.100.20

A certificate already exists for keyring default. Would you like to replace it? (yes/no) [no]: yes
  ok


To view the newly self-signed certificate:

mc14# ssl view keyring default                                                                    

Keyring ID:                 default
Private key showability:    show
Key type:                   RSA
Key size:                   2048 bits
Signing request:        present
Certificate:                present
Certificate subject:        C=US,ST=CA,O=Symantec,CN=mc14.example.com
Subject alternative name:   IP Address:192.168.100.20
Certificate issuer:         C=US,ST=CA,O=Symantec,CN=mc14.example.com
Certificate valid from:     Mar 30 16:36:51 2023 GMT
Certificate valid to:       Mar 30 16:36:51 2025 GMT
Certificate thumbprint:     1B:F7:42:E3:63:90:6A:C3:DE:51:13:9B:BF:99:D0:E3:42:16:CD:59

mc14#

 

Additional Information

Optional:

Prior regenerating the default certificate, you could backup current certificate information:

E.g.

1. Backup current subject info by view keyring default command, save output Certificate subject: 

mc14# ssl view keyring default
Keyring ID:                 default

Certificate subject:        C=US,ST=CA,L=Mountain View,O=Symantec Management Center,OU=002669XXXX,CN=host or fqdn <--
Subject alternative name:   IP Address:XXX.XXX.XXX.XXX
Note: Here OU=002669XXXX means the Organizational unit and CN=XXX.XXX.XXX.XXX is the command name which can be your IP address, host or  fqdn.

2. Backup certificate default

mc14# ssl view certificate default

save output "BEGIN CERTIFICATE" to "END CERTIFICATE"
-----BEGIN CERTIFICATE-----
MIID9jCCAt6gAwIBAgIJAMvulXSL+dYhMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV


1xtvWSUUNfN3gMNFaA+7
-----END CERTIFICATE-----

3. Backup the private key for default.

mc14# ssl view keypair default

Save output "BEGIN PRIVATE KEY" to "END PRIVATE KEY"
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCinvzRzXNny9Hb


0m8i1L6HYDZ//H9ojCfxEnqDPA==
-----END PRIVATE KEY-----