Skip to main content

Regenerating the self-signed server certificate for XClarity Management Hub for edge-client devices

You can generate a new server certificate to replace the current self-signed Lenovo XClarity Management Hub server certificate or to reinstate a XClarity Management Hub-generated certificate if XClarity Management Hub currently uses a customized externally-signed server certificate. The new self-signed server certificate is used by XClarity Management Hub for HTTPS access.

Before you begin

Attention
If you regenerate the XClarity Management Hub server certificate using a new root CA, XClarity Management Hub loses its connection to the managed devices, and you must re-manage the devices. If you regenerate the XClarity Management Hub server certificate without changing the root CA (for example, when the certificate is expired), there is no need to re-manage the devices.

About this task

The server certificate that is currently in use, whether self-signed or externally-signed, remains in use until a new server certificate is generated, signed, and installed.

Important
When the server certificate is modified, the management hub is restarted, and all user sessions are ended. Users must log back in to continue working in the web interface.

Procedure

To generate a self-signed XClarity Management Hub server certificate, complete the following steps.

  1. From the XClarity Management Hub menu bar, click Security (Security icon) > Server Certificate to display the Regenerate Self-Signed Server Certificate card.

    Regenerate Server Certificate card
  2. From the Regenerate Self-Signed Server Certificate card, fill in the fields for the request.
    • Two-letter ISO 3166 code for the country or region of origin to associate with the certificate organization (for example, US for the United States).
    • Full name of the state or province to associate with the certificate (for example, California or New Brunswick).
    • Full name of the city to associate with the certificate (for example, San Jose). The length of the value cannot exceed 50 characters.
    • Organization (company) to own the certificate. Typically, this is the legally incorporated name of a company. It should include any suffixes, such as Ltd., Inc., or Corp (for example, ACME International Ltd.). The length of this value cannot exceed 60 characters.
    • (Optional) Organization unit to own the certificate (for example, ABC Division). The length of this value cannot exceed 60 characters.
    • Common name of the certificate owner. Typically, this is the fully-qualified domain name (FQDN) or IP address of the server that uses the certificate (for example, www.domainname.com or 192.0.2.0). The length of this value cannot exceed 63 characters.
      Note
      Currently, this attribute has no affect the certificate.
    • Date and time when the server certificate is no longer valid.
      Note
      Currently, these attributes have no affect the certificate.
    Note
    You cannot change the subject alternative names when regenerating the server certificate.
  3. Click Regenerate Self-Signed Server Certificate to regenerate the self-signed certificate, and then click Regenerate Certificate to confirm.
    The management hub is restarted, and all established user sessions are ended.
  4. Log back in to the web browser.

After you finish

You can perform the following actions from the Regenerate Self-Signed Server Certificate card.

  • Save the current server certificate to your local system in PEM format by clicking Save Certificate.
  • Regenerate the server certificate using default setting by clicking Reset Certificate. When prompted, press Ctrl+F5 to refresh the browser, and then re-establish your connection to the web interface.