Overview
Learn how to manage system and device certificates, including internal Certificate Authority (CA) configuration, trustpoint management, and security best practices for certificate lifecycles.
Configure the proxy certificate
In some network configurations, proxy gateways might exist between Catalyst Center and the remote network it manages. Common ports such as 80 and 443 pass through the proxy gateway in the DMZ, so SSL sessions from the network devices that are meant for Catalyst Center terminate at the proxy gateway. As a result, these network devices can communicate with Catalyst Center only through the proxy gateway. For the network devices to establish secure and trusted connections with Catalyst Center or, if present, a proxy gateway, their PKI trust stores should be provisioned with the relevant CA root certificates or, under certain circumstances, with the server’s own certificate.
Upload an SSL intercept proxy certificate
If SSL decryption is enabled on the proxy server that is configured between Catalyst Center and the Cisco cloud from which it downloads software updates, upload an SSL intercept proxy certificate that is issued from an official certificate authority.
Renew internal certificates
Information about renewing internal certificates for another year before they are set to expire.
Certificate and private key support
Information about Catalyst Center digital certificates and private keys.
Manage device certificates
Information about managing device certificates for managed devices to authenticate and identify the devices.
Configure the device certificate lifetime
Information about configuring the device certificate lifetime. Catalyst Center lets you change the certificate lifetime of network devices that are managed and monitored by Catalyst Center's private (internal) CA.
Certificate authority
A certificate authority (CA) is an entity that manages the certificates and keys that are used to establish and secure server-client connections.
Configure the device certificate trustpoint
Information about configuring the device certificate trustpoint for devices to send wired and wireless Assurance telemetry to Catalyst Center when Manages Device Trustpoint is disabled.
Configure trusted certificates
Catalyst Center supports the import and storage of a trusted certificate bundle from Cisco. Cisco networking devices use this trusted certificate bundle to authenticate Catalyst Center and its applications when they present a valid digital certificate, whether issued by a professional third-party vendor or self-signed.