The Controller must send a certificate to clients to establish secure communication.

The Controller has a default self-signed certificate. You must delete it and upload a new certificate or create a self-signed certificate.

For more information about certificates, see the Avi documentation.

Procedure

  1. In the Avi Controller dashboard, click the menu in the upper-left corner and select Administration.
  2. Select Settings > Access Settings.
  3. Click the edit icon.
  4. Delete the default self-signed certificate in SSL/TLS Certificate.
  5. From the SSL/TLS Certificate drop-down, select Create Certificate.
    The Add Certificate (SSL/TLS) window appears.
  6. Enter a name for the certificate.
  7. To add a self-signed certificate, select Type as Self Signed.
    1. Enter the following details:
      | Option | Description |
      |---|---|
      | Common Name | Specify the fully-qualified name of the site. For the site to be considered trusted, this entry must match the hostname that the client entered in the browser. |
      | Subject Alternate Name (SAN) | Enter the cluster IP address or FQDN of the Controller. |
      | Algorithm | Select either EC (elliptic curve cryptography) or RSA. EC is recommended. |
      | Key Size | Select the level of encryption to be used for handshakes: SECP256R1 is used for EC certificates; 2048-bit is recommended for RSA certificates. |
    2. To download the self-signed certificate that you create, select Security > SSL/TLS Certificates.
    3. Select the certificate you created and click the download icon.
    4. In the Export Certificate page that appears, click Copy to clipboard.
    You need this certificate when you enable workload management.
  8. To upload a certificate, select Type as Import.
    1. In Certificate, click Upload File and import the certificate.
      The SAN field of the certificate you upload must have the cluster IP address or FQDN of the Controller.
    2. In Key (PEM) or PKCS12, click Upload File and import the key.
    3. Click Validate to validate the certificate and key.
    4. Click Save.
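
Before importing a certificate in step 8, the SAN requirement and the certificate/key pairing can be checked locally with OpenSSL. The script below is an added example, not part of the original procedure or the Avi product; it assumes OpenSSL 1.1.1 or later and an unencrypted PEM key, the function names are hypothetical, and the values `192.0.2.10` and `avi-controller.example.test` are constructed samples.

```shell
#!/bin/sh
# Added example: local pre-upload checks for a Controller certificate.
# Function names and sample values are hypothetical / constructed.

# Create a constructed self-signed EC (SECP256R1 = prime256v1) pair in dir $1.
make_sample_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$1/key.pem" -out "$1/cert.pem" -days 30 \
        -subj "/CN=avi-controller.example.test" \
        -addext "subjectAltName=IP:192.0.2.10,DNS:avi-controller.example.test" \
        2>/dev/null
}

# True if the SAN of certificate $1 lists IP address or FQDN $2 exactly
# (case-insensitive; wildcard SAN entries are not expanded).
san_has() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]' |
        grep -Fxq -e "dns:$want" -e "ip address:$want"
}

# True if private key $2 (unencrypted PEM) belongs to certificate $1:
# both must yield the same public key.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# $1 = certificate, $2 = key, $3 = Controller cluster IP address or FQDN.
check_controller_cert() {
    rc=0
    san_has "$1" "$3" || { echo "FAIL: SAN does not list $3" >&2; rc=1; }
    key_matches "$1" "$2" || { echo "FAIL: key does not match certificate" >&2; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: SAN covers $3 and key matches"
    return "$rc"
}

# Stand-alone use: sh check.sh cert.pem key.pem <cluster-ip-or-fqdn>
if [ "$#" -eq 3 ]; then check_controller_cert "$@"; fi
```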