Open a terminal and write the following to create private key file "key.pem" and certificate file "cert.pem" (both in the X.509 format):
% openssl req -newkey rsa:4096 -nodes -x509 -keyout key.pem -out cert.pem
Generating a 4096 bit RSA private key
writing new private key to 'key.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) :.
State or Province Name (full name) :.
Locality Name (eg, city) :.
Organization Name (eg, company) :.
Organizational Unit Name (eg, section) :.
Common Name (eg, fully qualified host name) :127.0.0.1
Email Address :.
Note that the value of the fields is not important except for the "Common Name", which must be the IP or domain name used by the Monitors to connect.
Put the real IP in place of "127.0.0.1".
On this page
If the following error, or similar, is given when trying to connect to the Manager, it's necessary to state that you trust the certificate:
Error: Connection error: The root CA certificate is not trusted for this purpose
On macOS, double-click the certificate file and add it to the "login" keychain. Click "My Certificates" in the left pane and find the item with the domain name or IP you input above. Double-click that item and set it to "Always Trust" for "Secure Sockets Layer (SSL)".
Note that the certificate must be downloaded to the computer first and imported into the local certificate key store (on macOS you just need to double-click it).