Use this procedure to replace the default System Manager signed Identity certificate with a new one having Cluster IP or Cluster FQDN added as Subject Alternative Name (SAN).
Procedure
In System Manager, click Services > Inventory.
In the navigation pane, click Manage Elements.
On the Manage Elements page, select an element and click More Actions > Configure Identity Certificates.
On the Identity Certificates page, select the certificate that you want to replace.
Click Replace.
On the Replace Identity Certificate page, click Replace this Certificate with Internal CA Signed Certificate, and perform the following steps:
Select the check box and type the common name (CN) that is defined in the existing certificate.
Select the key algorithm and key size from the respective fields.
Note:
System Manager uses the SHA2 algorithm for generating certificates.
In Subject Alternative Name field, select the check box, and perform the following:
In the DNS Name field, select the check box and enter the values. Enter the FQDN for both security IP and Cluster IP separated by a comma.
In the IP Address field, select the check box and enter the values. Enter both security IP and Cluster IP separated by a comma.
Note:
In both these fields, you can enter more values separated by a comma.
To replace the identity certificate with the internal CA signed certificate, click Commit.
Restart the service for which you replaced the certificate.
