ER8411 - Locked out after uploading wrong SSL cert (ERR_SSL_KEY_USAGE_INCOMPATIBLE)
Hi all,
We’re running an Omada OC8411 controller in production. I attempted to replace the default SSL cert with a custom one generated by mkcert.
By mistake, I uploaded the Root CA cert + key instead of the server cert + key. After restarting the controller, both HTTPS (8043) and HTTP (8088) management ports are unreachable, and SSH is also not responding. Browsers show:
ERR_SSL_KEY_USAGE_INCOMPATIBLE
So far I’ve tried:
- Accessing via http://<controller-ip>:8088 → fails
- Accessing via https://<controller-ip>:8043 → fails
- SSH via PuTTY → connection refused
Questions:
- Is there a way to recover via the console port (RJ45 serial)? What are the exact login details and steps?
- If I manually delete/replace the cert files over console, will Omada regenerate the default self-signed certs?
- If not, is factory reset the only way forward? (If so, does it restore the default self-signed cert automatically?)
- Any official documentation from TP-Link on SSL cert replacement best practices for the OC8411?
This is a production controller, so I need the cleanest path to recover access without wiping config.
Thanks in advance!
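
A pre-upload check for the mix-up described in the post, as an added example that is not part of the original post or of TP-Link's documentation: it reads the output of `openssl x509 -noout -text` and rejects a certificate that is marked as a CA or whose Key Usage does not allow Digital Signature. The function name and both sample dumps are constructed for illustration, and the extension values shown for the root CA are an assumption about what a typical CA certificate carries.

```shell
# Added example: pre-upload check for a TLS server certificate.
# Usage: openssl x509 -in cert.pem -noout -text | check_server_cert
# Returns 0 if the dump looks like a server (leaf) certificate, 1 otherwise.
check_server_cert() {
    dump=$(cat)
    rc=0
    # Value line that follows each extension header, leading blanks stripped.
    next='{getline; sub(/^[ \t]+/, ""); print; exit}'
    ku=$(printf '%s\n' "$dump" | awk "/X509v3 Key Usage/ $next")
    eku=$(printf '%s\n' "$dump" | awk "/X509v3 Extended Key Usage/ $next")
    case $dump in *CA:TRUE*)
        echo "FAIL: Basic Constraints is CA:TRUE (a CA certificate)"; rc=1 ;;
    esac
    # An absent Key Usage extension restricts nothing; a present one must allow signing.
    case $ku in ''|*'Digital Signature'*) ;;
        *) echo "FAIL: Key Usage lacks Digital Signature: $ku"; rc=1 ;;
    esac
    case $eku in ''|*'TLS Web Server Authentication'*) ;;
        *) echo "FAIL: Extended Key Usage lacks TLS Web Server Authentication: $eku"; rc=1 ;;
    esac
    case $dump in *'X509v3 Subject Alternative Name'*) ;;
        *) echo "FAIL: no Subject Alternative Name extension"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: extensions are consistent with a server certificate"; fi
    return "$rc"
}

# Constructed sample: extension section of a root CA certificate (assumed typical values).
sample_root_ca_dump() { cat <<'EOF'
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
EOF
}

# Constructed sample: extension section of a server certificate (hypothetical host name).
sample_leaf_dump() { cat <<'EOF'
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:controller.example.internal
EOF
}

sample_root_ca_dump | check_server_cert || true   # demo: rejected
sample_leaf_dump | check_server_cert              # demo: accepted
```

The check inspects extensions only; it does not confirm that the private key being uploaded matches the certificate.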