The Avi Load Balancer Controller can be accessed through the UI using the default certificate associated with it, but users get a warning message regarding certificate mismatch or certificate trust. To avoid a browser warning message while accessing the Controller, install the complete certificate chain matching the FQDN of the Controller and replace the default Controller certificate with the new certificate.

To change the default certificate for the Controller, and import or create a new Controller certificate.

Procedure

  1. Navigate to Templates > Security > SSL/TLS Certificates, click Create and select Controller Certificate.
  2. Create or Import the existing certificate.
  3. Navigate to Administration > System Settings, and click the edit icon to edit the System Settings.
  4. Replace the default or existing certificate with the new certificate in the SSL/TLS Certificate drop-down menu.


  5. Click Save.

Results

Note:

To avoid any certificate trust issue, make sure that the certificate chain is complete on the Controller and the client browser. Install the complete certificate chain (the root and the intermediate certificates) on the Controller and the client browser. Try accessing the Controller using the UI to confirm it is opening without any error.