To replace the default, self-signed certificate, which is installed when installing App Volumes Manager, you can use a custom self-signed certificate. To generate a custom self-signed certificate, you must first create a configuration file and then use this file to generate the key and certificate.

Alternately, you can obtain a CA-signed certificate and later use this certificate to replace the default, self-signed certificate. For more information, see Obtain a CA-Signed Certificate Using a CSR.


  1. Create and name a text file as <config_file_name>.cfg.
  2. Make note of the file location.
    You need this file when generating the custom self-signed certificate.
  3. Open the <config_file_name>.cfg configuration file in a text application and add the following settings:
    • You can add custom values to these settings, however ensure that you use only digitalSignature, keyEncipherment, dataEncipherment for the keyUsage setting and serverAuth, clientAuth to extendedKeyUsage.
    • It is mandatory to provide the commonName, but optional to provide emailAddress.
    [ req ]
    default_bits = 
    default_keyfile = 
    distinguished_name = 
    encrypt_key = 
    prompt = 
    string_mask = 
    req_extensions = 
    [ v3_req ]
    basicConstraints = 
    keyUsage = digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth, clientAuth
    subjectAltName = 
    [ req_distinguished_name ]
    countryName = 
    stateOrProvinceName = 
    localityName = 
    organizationName = 
    emailAddress = 
    commonName = 
    For example: Here is a sample <config_file_name>.cfg file:
    [ req ]
    default_bits = 2048
    default_keyfile = svserver.key
    distinguished_name = req_distinguished_name
    encrypt_key = no
    prompt = no
    string_mask = nombstr
    req_extensions = v3_req
    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth, clientAuth
    subjectAltName = DNS: appvolumemanager, IP:,
    [ req_distinguished_name ]
    countryName = US
    stateOrProvinceName = California
    localityName = Palo Alto
    organizationName = VMware, Inc.
    emailAddress =
    commonName =
  4. To generate the custom self-signed certificate, run the following command: openssl req -nodes -new -x509 -keyout <key_name>.key -sha256 -out <certificate_name>.crt -days 3650 -config <config_file_name>.cfg -extensions v3_req.
    The following two files are generated as outputs: <certificate_name>.crt and <key_name>.key.

What to do next

Replace the App Volumes Default Self-Signed Certificate