Generating a new self-signed certificate

If your current self-signed certificate expires or is about to expire, you can generate a new self-signed certificate for the system by using the management GUI or command-line interface (CLI).

Note: Changing the system certificate changes the trust that any configured key servers have in the cluster. Reestablish key server trust in the cluster by exporting the cluster certificate to the key servers.

In the management GUI, select Settings > Security > Secure communications and select self-signed certificate and complete the form.

Use the following steps to generate a self-signed certificate in the command-line interface:

To create a self-signed certificate that uses RSA 2048 key type and expires in one year, enter the following command: 
chsystemcert -mkselfsigned -keytype rsa2048 -validity 365
After the self-signed certificate is created, it is automatically installed on the system.

Other values can be specified such as country, organization, or common name. View the details on this command for a complete description of all the parameters.

Parent topic: Managing certificates for secure communications