
Replace SSL Certificate on Apstra Server with Self-Signed One

When you boot up the Apstra server for the first time, a unique self-signed certificate is automatically generated and stored on the Apstra server at /etc/aos/nginx.conf.d (nginx.crt is the certificate containing the webserver's public key, and nginx.key is the private key). The certificate secures HTTPS connections to the Apstra server and its REST API. It is not used for any internal device-server connectivity. Since the HTTPS certificate is not retained when you back up the system, you must manually back up the /etc/aos folder. We support and recommend replacing the default SSL certificate.

  1. Back up the existing OpenSSL keys.
  2. If a Random Number Generator seed file .rnd doesn't exist in /home/admin, create one.
  3. Generate a new OpenSSL private key and self-signed certificate.
  4. To load the new certificate, restart the nginx container.
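
The steps above as one shell function, added here as an example (it is not taken from the Apstra documentation). The paths are the ones named on this page; the function name, hostname, key size, validity period, backup naming and file modes are assumptions, and `-addext` requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: steps 1-3 of the procedure, with a key/certificate match check
# before the live files are replaced. Run as root on the Apstra server.
replace_apstra_cert() {
    cert_dir="${1:-/etc/aos/nginx.conf.d}"   # holds nginx.crt and nginx.key (from the page)
    home_dir="${2:-/home/admin}"             # holds the .rnd seed file (from the page)
    cn="${3:-apstra.example.com}"            # assumed hostname; use the server's FQDN
    stamp=$(date +%Y%m%d%H%M%S)

    # Step 1: back up the existing pair, preserving mode and timestamps.
    for f in nginx.crt nginx.key; do
        cp -p "$cert_dir/$f" "$cert_dir/$f.bak.$stamp" || return 1
    done

    # Step 2: create the seed file only if it does not exist yet.
    [ -f "$home_dir/.rnd" ] || ( umask 077; touch "$home_dir/.rnd" ) || return 1

    # Step 3: generate under temporary names so a failure leaves the live pair intact.
    # umask 077 keeps the private key unreadable to other users.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=$cn" -addext "subjectAltName=DNS:$cn" \
          -keyout "$cert_dir/nginx.key.new" -out "$cert_dir/nginx.crt.new" 2>/dev/null
    ) || return 1
    chmod 644 "$cert_dir/nginx.crt.new"      # the certificate itself is public data

    # Refuse to install a certificate whose public key does not match the private key.
    crt_pub=$(openssl x509 -in "$cert_dir/nginx.crt.new" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$cert_dir/nginx.key.new" -pubout | openssl sha256)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] || return 1

    mv "$cert_dir/nginx.key.new" "$cert_dir/nginx.key" &&
    mv "$cert_dir/nginx.crt.new" "$cert_dir/nginx.crt"
}

# Step 4 is not automated here: restart the nginx container so it loads the new
# pair. The container name is not given on this page, so it is left as a
# placeholder: <NGINX_CONTAINER_NAME>.

if [ "${1:-}" = "--apply" ]; then
    replace_apstra_cert
fi
```
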