Changing the Avi Controller's default certificate


Avi Controller can be accessed via Avi UI using the default certificate associated (linked) to it, but you will get a warning message regarding certificate mismatch or certificate trust. To avoid the browser warning message while accessing the Avi Controller, install the complete certificate chain matching with the FQDN of the Avi Controller and replace the default Controller certificate with the new certificate.


Follow the steps mentioned in this section to change the default certificate for the Avi Controller, and import or create a new Controller certificate.

Navigate to Templates > Security > SSL/TLS Certificates, click Create and select Controller Certificate.

Controller certificate

Once the certificate is successfully imported or created, navigate to Administration > Settings > Access Settings, and click on the edit icon to edit the System Access Settings.

Access Settings

Replace the default/existing certificate with the new certificate in the SSL/TLS Certificate pull-down. Click on Save.

replacing default certificate

Note To avoid the certificate trust issue, verify that the certificate chain is complete on the Avi Controller and on the client browser. Install the complete certificate chain (the root and the intermediate certificates) on the Avi Controller and on the client browser. Try accessing the Avi Controller via the Avi UI to confirm it is opening without any error as shown in the below screenshot.

browser without any error