You can generate a new server certificate to replace the current internally-signed Lenovo XClarity Orchestrator server certificate or to reinstate an XClarity Orchestrator-generated certificate if XClarity Orchestrator currently uses a customized externally-signed server certificate. The new internally-signed server certificate is used by XClarity Orchestrator for HTTPS access.
About this task
The server certificate that is currently in use, whether internally-signed or externally-signed, remains in use until a new server certificate is regenerated and signed.
When the server certificate is modified, all established user sessions must accept the new certificate by clicking Ctrl+F5 to refresh the web browser and then re-establish their connection to XClarity Orchestrator.
Procedure
To generate an internally-signed XClarity Orchestrator server certificate, complete the following steps.
- From the XClarity Orchestrator menu bar, click , and then click Server Certificate in the left navigation to display the Regenerate Server Certificate card.
- From the Regenerate Server Certificate card, fill in the fields for the request.
- Two-letter ISO 3166 code for the country or region of origin to associate with the certificate organization (for example, US for the United States)
- Full name of the state or province to associate with the certificate (for example, California or New Brunswick)
- Full name of the city to associate with the certificate (for example, San Jose). The length of the value cannot exceed 50 characters.
- Organization (company) to own the certificate. Typically, this is the legally incorporated name of a company. It should include any suffixes, such as Ltd., Inc., or Corp (for example, ACME International Ltd.). The length of this value cannot exceed 60 characters.
- (Optional) Organization unit to own the certificate (for example, ABC Division). The length of this value cannot exceed 60 characters.
- Common name of the certificate owner. Typically, this is the fully-qualified domain name (FQDN) or IP address of the server that uses the certificate (for example, www.domainname.com or 192.0.2.0). The length of this value cannot exceed 63 characters.
- Date and time when the server certificate is no longer valid.
You cannot change the subject alternative names when regenerating the server certificate.
- Click Regenerate Certificate to regenerate the internally-signed certificate, and then click Regenerate Certificate to confirm.
- Accept the new certificate by pressing Ctrl+F5 to refresh the browser and then re-establishing your connection to the web interface. This must be done by all established user sessions.
After you finish
You can perform the following actions from the Regenerate Server Certificate card.
- Save the current server certificate to your local system in PEM format by clicking Save Certificate.
- Regenerate the server certificate using default setting by clicking Reset Certificate. When prompted, press Ctrl+F5 to refresh the browser, and then re-establish your connection to the web interface.
) > Security, and then click Server Certificate in the left navigation to display the Regenerate Server Certificate card.