Controller Certificate Management
The Aviatrix Controller uses a self-signed certificate by default, which is why the browser shows “Not Secure”. You can make it secure by importing a signed certificate. This documentation outlines the Import a Certificate with Key method. This example uses GoDaddy as the CA. However, steps 1 and 3 should be universal for any certificate provider.
Import a Certificate with Key
Create Private Key and Certificate Signing Request
- Log into SSH on a Linux or macOS device and run the following command to create the private key:
mymac$ openssl genrsa -out my_prv.key 4096
- Create the CSR:
- Run the following command and fill out the necessary information as it relates to your company.
- Leave the password blank.
mymac$ openssl req -new -sha256 -key my_prv.key -out controller.csr
Upload the CSR to GoDaddy and Retrieve the Certificates
- Upload the CSR.
Site Path: GoDaddy.com > SSL > Certificates > Your Desired Domain Name > Rekey & Manage > Re-Key Certificate
- Paste the Certificate Signing Request (CSR) into the entry field.
- Retrieve the Certificate:
Site Path: GoDaddy.com > SSL > Certificates > Your Desired Domain Name > Download
- Wait for GoDaddy to respond with the certificates. This usually takes ten minutes (an email confirmation is sent).
- Download the Certificates.
Uploading the Certificates to the Controller
Path: Controller > Certificate > Controller Certificate Management > Import Certificate with Key
- Select “Import Certificate with Key”
- The CA certificate – the file named gd_bundle
- The Server certificate – the other file ending in .crt
- The Private Key – the file produced in step 1 of this documentation (my_prv.key)
The Controller signed certificate procedure is complete.
- If a certificate is already present on the Controller, you must disable “Import Certificate” before uploading the new certificates; otherwise an error occurs.
- The Controller will perform a validity check between the Server Certificate and the Private Key.
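The match between the Server Certificate and the Private Key can be confirmed locally before uploading, together with the CSR and the CA bundle. The script below is an added example, not part of the Aviatrix documentation; `server.crt` and `gd_bundle.crt` are assumed names for the files downloaded from the CA, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: pre-upload consistency check for the Controller import files.
# server.crt and gd_bundle.crt are assumed names for the downloaded files.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_digest() {
    case "$1" in
        key)  _pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  _pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) _pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    # An unreadable file must not hash as "empty" and match another empty one.
    [ -n "$_pub" ] || return 1
    printf '%s\n' "$_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

fail() { echo "FAIL: $1" >&2; }

# Return 0 only if key, CSR and server certificate carry the same public key
# and the server certificate verifies against the CA bundle.
# Assumption: the bundle holds the full chain up to a self-signed root.
check_controller_files() {
    k=$(pubkey_digest key  "$1") || { fail "cannot read private key $1"; return 1; }
    r=$(pubkey_digest csr  "$2") || { fail "cannot read CSR $2"; return 1; }
    c=$(pubkey_digest cert "$3") || { fail "cannot read server certificate $3"; return 1; }
    [ "$k" = "$r" ] || { fail "CSR was not created from this private key"; return 1; }
    [ "$k" = "$c" ] || { fail "server certificate does not match the private key"; return 1; }
    openssl verify -CAfile "$4" "$3" >/dev/null 2>&1 ||
        { fail "server certificate does not chain to the CA bundle"; return 1; }
    echo "OK: key, CSR and certificate match; chain verifies"
}

# Usage: ./check_certs.sh my_prv.key controller.csr server.crt gd_bundle.crt
if [ "$#" -eq 4 ]; then
    check_controller_files "$@"
fi
```

A mismatch at the second comparison usually means the certificate was issued for a different CSR than the one created from `my_prv.key`.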