https://mikedent.io/tags/certificates/Recent content in Certificates on Thoughts and Ramblings by MikeHugo -- gohugo.ioenMike DentSun, 03 May 2026 09:00:00 -0400https://mikedent.io/post/2026/5/updating-ssl-certificates-for-cml/Sun, 03 May 2026 09:00:00 -0400https://mikedent.io/post/2026/5/updating-ssl-certificates-for-cml/ <p>If you have a Cisco Modeling Labs appliance in your lab or running on a piece of dedicated hardware, you have probably noticed two browser warnings every time you log in. CML ships with self-signed certs on both the main web UI and the Cockpit management UI, and your browser will complain about both. Cisco publishes an <a href="https://developer.cisco.com/docs/modeling-labs/installing-ssl-certificate/">official guide for installing an SSL certificate on CML</a>, and it is a solid starting point, but in my own runs it did not get me 100% of the way to the outcome I wanted. The procedure focuses on the nginx side, leaves Cockpit's quirks largely unaddressed, and does not cover renewal, rollback, or any pre and post checks. The helper script in this post fills those gaps so a single command handles the install, the renewal six months from now, and a rollback if something goes sideways. This post walks through what the script does, how to use it, and how to keep things tidy when your wildcard cert renews.</p>