Controller Certificate Management

Use the CoPilot > Settings > Configuration > General page for Controller certificate management.

The Aviatrix Controller uses a self-signed certificate by default. That is why you see "Not Secure" in the browser. You can make the Controller more secure by importing a signed certificate.

There are two methods to accomplish this:

  • Generate CSR and Import Certificate: This is the preferred and more secure method.

  • Import a Certificate with Key

Certificates and keys must be in PEM format.

You should not use spaces or special characters in the certificate or key file names.

Generate Certificate Signing Request and Upload Certificate

  1. On the Controller Certificate card, select Generate Certificate Signing Request and Upload Certificate.

  2. On the Upload New Certificate card, click Generate Request.

  3. Enter the Fully Qualified Domain Name (FQDN) of the Controller.

  4. Click Download. The CSR is downloaded to your local host.

  5. Upload the CSR to a trusted Certificate Authority (CA) and obtain a signed CA certificate and a Server certificate.

  6. On the Controller Certificate card, once more select Generate Certificate Signing Request and Upload Certificate.

  7. Click Upload Certificate.

  8. Select the CA Certificate.

  9. Select the Server Public Certificate.

  10. Click Upload.

Upload Certificate with Key

  1. On the Controller Certificate card, select Upload Certificate with Key.

  2. Use SSH on a Linux or macOS device and run the following command to create the private key:

    $ openssl genrsa -out my_priv.key 4096

  3. Create the CSR by running the following command and filling out the necessary information for your company. Leave the password blank.

    $ openssl req -new -sha256 -key my_priv.key -out controller.csr

  4. Copy the CSR.

  5. Upload the CSR to your Certificate Authority (for example, GoDaddy.com > SSL > Certificates > Your Desired Domain Name > Rekey & Manage > Re-Key Certificate) by pasting the CSR into the Entry field.

  6. Retrieve the certificate (for example, GoDaddy.com > SSL > Certificates > Your Desired Domain Name > Download).

  7. Wait for the CA to respond to the CSR with the certificates.

  8. Download the certificates.

  9. On the Controller Certificate card, select Upload Certificate with Key and upload the following:

    • CA Certificate

    • Server Public Certificate

    • Server Private Key

  10. Click Save.
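
A pre-upload check for the three files listed in step 9, as an added example that is not part of the Aviatrix documentation: it confirms that the file names are safe, the files are in PEM format, the private key matches the server certificate, and the server certificate verifies against the CA file. The function names, return codes, and the set of characters treated as safe are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-upload checks for the CA certificate, server certificate
# and private key. Return codes and the allowed-character set are assumptions.

# File name must be free of spaces and special characters
# (assumed here to mean: letters, digits, dot, underscore, hyphen only).
safe_name() {
    case "${1##*/}" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# File must carry a PEM header of the given type (DER input has none).
is_pem() {
    grep -qs -- "-----BEGIN .*$2-----" "$1"
}

# usage: check_bundle CA_CERT SERVER_CERT PRIVATE_KEY
# returns 0 if ready to upload, 1 bad name, 2 not PEM, 3 key mismatch, 4 chain
check_bundle() {
    ca=$1 cert=$2 key=$3
    for f in "$ca" "$cert" "$key"; do
        safe_name "$f" || { echo "unsafe file name: $f" >&2; return 1; }
    done
    { is_pem "$ca" CERTIFICATE && is_pem "$cert" CERTIFICATE &&
      is_pem "$key" "PRIVATE KEY"; } ||
        { echo "a file is missing or not PEM" >&2; return 2; }
    # The key belongs to the certificate only if both yield the same public key.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 3
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "private key does not match server certificate" >&2; return 3; }
    # The server certificate must verify against the CA file
    # (assumes the CA file holds the full chain up to the root).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "server certificate does not chain to CA file" >&2; return 4; }
}

# Run only when called with the three file names.
if [ "$#" -eq 3 ]; then check_bundle "$@"; fi
```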