Skip to main content

Regenerating an internally signed Lenovo SDI Management Platform server certificate

You can generate a new server certificate to replace the current internally-signed Lenovo SDI Management Platform server certificate to reinstate the Lenovo SDI Management Platform-generated certificate if Lenovo SDI Management Platform currently uses a customized externally-signed server certificate. The new internally signed server certificate is used by Lenovo SDI Management Platform for HTTPS access.

About this task

The server certificate that is currently in use, whether internally signed or externally signed, remains in use until a new server certificate is regenerated and signed.

Important When the server certificate is modified, all established user sessions must accept the new certificate by clicking Ctrl+F5 to refresh the web browser and then re-establish their connection to Lenovo SDI Management Platform. :::

Procedure

To generate an internally signed Lenovo SDI Management Platform server certificate, complete the following steps:

  1. From the Lenovo SDI Management Platform menu bar, click Administration () > Security, and then click Services Certificates in the left navigation bar to display the Regenerate Server Certificate card.

  2. From the Regenerate Server Certificate card, fill in the fields for the request. Two-letter ISO 3166 code for the country or region of origin to associate with the certificate organization (for example, US for the United States)

  • Full name of the state or province to associate with the certificate (for example, California or New Brunswick)

  • Full name of the city to associate with the certificate (for example, San Jose). The length of the value cannot exceed 50 characters.

  • Organization (company) to own the certificate. Typically, this is the legally incorporated name of a company. It should include any suffixes, such as Ltd., Inc., or Corp (for example, ACME International Ltd.). The length of this value cannot exceed 60 characters.

  • (Optional) Organization unit to own the certificate (for example, ABC Division). The length of this value cannot exceed 60 characters.

  • Common name of the certificate owner. Typically, this is the fully-qualified domain name (FQDN) or IP address of the server that uses the certificate (for example, www.domainname.com or 192.0.2.0). The length of this value cannot exceed 63 characters.

  • Date and time when the server certificate is no longer valid. :::note Note: You cannot change the subject alternative names when regenerating the server certificate. :::

  1. Click Regenerate Certificate to regenerate the internally signed certificate, and then click Regenerate Certificate to confirm.
  2. Accept the new certificate by pressing Ctrl+F5 to refresh the browser and then re-establishing your connection to the web interface. This must be done by all established user sessions.

After you finish

You can perform the following actions from the Regenerate Server Certificate card.

  • Save the current server certificate to your local system in PEM format by clicking Save Certificate.

  • Regenerate the server certificate using the default setting by clicking Reset Certificate. When prompted, press Ctrl+F5 to refresh the browser, and then re-establish your connection to the Web interface.