Catalyst Networks
All docs

Certificates

Certificate Authority

Each organization has one or more certificate authorities (CAs). The CA signs node certificates that establish identity and enable encrypted communication within the Nebula network.

Creating a CA

When you create an organization, a root CA is generated automatically. You can create additional CAs from the Certificates page.

Node Certificates

Node certificates are issued when a node registers. Each certificate includes:

  • The node’s Nebula IP address
  • The node’s name
  • Security group memberships
  • Expiration date

Certificate Lifecycle

The dashboard displays warnings when certificates approach expiration. You can:

  • Renew individual certificates from the node detail page
  • Use the CLI for bulk renewal
  • Set up webhook notifications for expiration alerts

QR Code Distribution

CA certificates and node registration tokens can be distributed via QR codes. This simplifies onboarding for mobile and desktop clients.