Changing the Avi Controller's default certificate


The Avi Controller can be accessed via the Avi UI using the default certificate associated (linked) to it, but users get a warning message regarding certificate mismatch or certificate trust. To avoid a browser warning message while accessing the Avi Controller, install the complete certificate chain matching with the FQDN of the Avi Controller and replace the default Controller certificate with the new certificate.


Follow the steps mentioned in this section to change the default certificate for the Avi Controller, and import or create a new Controller certificate.

Navigate to Templates > Security > SSL/TLS Certificates, click Create and select Controller Certificate.

Controller certificate

Once the certificate is successfully imported or created, navigate to Administration > Settings > Access Settings, and click the pencil icon at top right to edit the System Access Settings.

Access Settings

Replace the default/existing certificate with the new certificate in the SSL/TLS Certificate pull-down. Click Save.

replacing default certificate Note To avoid any certificate trust issue, make sure the certificate chain is complete on the Avi Controller and on the client browser. Install the complete certificate chain (the root and the intermediate certificates) on the Avi Controller and on the client browser. Try accessing the Controller via the Avi UI to confirm it is opening without any error as shown in the below screenshot.

browser without any error