Skip to main content

Regenerating the self-signed XClarity Management Hub 2.0 server certificate

You can generate a new server certificate to replace the current self-signed Lenovo XClarity Management Hub 2.0 server certificate or to reinstate a management-hub-generated certificate if XClarity Management Hub 2.0 currently uses a customized externally-signed server certificate. The new self-signed server certificate is used by the management hub for HTTPS access.

Attention
  • If you regenerate the management-hub server certificate using a new root CA, XClarity Management Hub 2.0 loses its connection to the managed devices, and you must re-manage the devices. If you regenerate the management-hub server certificate without changing the root CA (for example, when the certificate is expired), there is no need to re-manage the devices.

  • The self-signed certificate is not secure. You are advised to generate and install your own externally-signed certificate (see Installing a trusted, externally-signed XClarity Management Hub 2.0 server certificate).

  • You cannot change the subject alternative names when regenerating the self-signed server certificate.

Server-certificate validity period

The server certificate that is currently in use, whether self-signed or externally-signed, remains in use until a new server certificate is generated, signed, and installed. By default, the server certificate expires after 365 days. To customize the validity period, complete the following steps.

  1. Click Certificates from the context menu on the Security view.

  2. In the Regenerate Self-signed Server Certificate panel, change the number in the Days field..

Default self-signed server certificate

To regenerate a self-signed server certificate using default values, complete the following steps.

  1. Click Certificates from the context menu on the Security view.

  2. In the Regenerate Self-signed Server Certificate panel, click Reset Certificate.

Custom self-signed server certificate

To regenerate a self-signed server certificate using custom values, complete the following steps.

  1. Click Certificates from the context menu on the Security view.

  2. In the Regenerate Self-signed Server Certificate panel, provide values in each field, and then click Regenerate Certificate.

    • Organization is typically the legally incorporated name of a company that owns the certificate. Include suffixes, such as Ltd., Inc., or Corp (for example, ACME International Ltd.).

    • Organization unit is the division in the company that owns the certificate (for example, ABC Division).

    • Common name is typically the host name, fully-qualified domain name (FQDN), or IP address of the server that uses the certificate (for example, www.domainname.com or 192.0.2.0). The length of this value cannot exceed 63 characters.

Root certificate authority

You can regenerate the root certificate authority (CA) using the management hub IP address and FQDN settings. When you regenerate the root CA for the management hub, the HTTPS certificate for each device that is managed by the hub is also regenerated.

To regenerate the root CA, complete the following steps.
  1. Click Certificates from the context menu on the Security view.

  2. In the Root certificate authority (CA) panel, provide values in each field, and then click Reset Root CA.

You can download the root CA to your local system by clicking Download root CA.