Controller Certificate Management
Use the CoPilot > Settings > Configuration > General page for Controller certificate management.
The Aviatrix Controller uses a self-signed certificate by default. That is why you see "Not Secure" in the browser. You can make the Controller more secure by importing a signed certificate.
There are two methods to accomplish this:
-
Generate CSR and Import Certificate: This is the preferred and more secure method.
-
Import a Certificate with Key
Certificates and keys must be in PEM format. You should not use spaces or special characters in the certificate or key file names. |
Generate Certificate Signing Request and Upload Certificate
-
On the Controller Certificate card, select Generate Certificate Signing Request and Upload Certificate.
-
On the Upload New Certificate Card, click Generate Request.
-
Enter the Fully Qualified Domain Name (FQDN) of the Controller.
-
Click Download. The CSR is downloaded to your local host.
-
Upload the CSR to a trusted Certificate Authority (CA) and obtain a signed CA certificate and a Server certificate.
-
On the Controller Certificate card, once more select Generate Certificate Signing Request and Upload Certificate.
-
Click Upload Certificate.
-
Select the CA Certificate.
-
Select the Server Public Certificate.
-
Click Upload.
Upload Certificate with Key
-
On the Controller Certificate card, select Upload Certificate with Key.
-
Use SSH on a Linux or macOS device and run the following command to create the private key:
$cmd openssl genrsa -out my_priv.key 4096
-
Create the CSR by running the following command and filling out the necessary information for your company. Leave the password blank.
$cmd openssl req -new -sha256 -key my_priv.key -out controller.csr
-
Copy the CSR.
-
Upload the CSR to your Certificate Authority (for example, GoDaddy.com > SSL > Certificates > Your Desired Domain Name > Rekey & Manage > Re-Key Certificate) by pasting the CSR into the Entry field.
-
Retrieve the certificate (for example, GoDaddy.com > SSL > Certificates > Your Desired Domain Name > Download).
-
Wait for the CSR to respond with the certificates.
-
Download the certificates.
-
On the Controller Certificate card, select Upload Certificate with Key and upload the following:
-
CA Certificate
-
Server Public Certificate
-
Server Private Key
-
-
Click Save.