If one need to generate a certificate via the CLI after expiration:

Note - once the CIMC certificate expires, you will not be able to 'https://' to the CIMC controller.

ssh to the CIMC via IP address

Once you are on the prompt below (the 'x' is to hide things):

C220-FCHxxxxxxxx#scope certificate

C220-FCHxxxxxxxx# / certificate #show detail

You will see the below - copy it somewhere:

Certificate Information:

    Serial Number: D72XXXXXXXXXXXXB

    Subject Country Code (CC): US

    Subject State (S): California

    Subject Locality (L): San Jose

    Subject Organization (O): Cisco Self Signed

    Subject Organizational Unit (OU): PID:UCSC-C220-M4S SERIAL:FCHXXXXXXXX

    Subject Common Name (CN): C-series CIMC

    Issuer Country Code (CC): US

    Issuer State (S): California

    Issuer Locality (L): San Jose

    Issuer Organization (O): Cisco Self Signed

    Issuer Organizational Unit (OU): PID:UCSC-C220-M4S SERIAL:FCHXXXXXXXX

    Issuer Common Name (CN): C-series CIMC

    Valid From: Jan 19 12:26:53 2018 GMT

    Valid To: Jan 18 12:26:53 2023 GMT

220-FCHXXXXXXXX /certificate # generate-csr

(When generating the certificate, you will use the 'certificate detail' to input information as it asks for it, such as the Common Name, etc.:)

Once completed, it will ask you to 'Continue to generate CSR?[y|N]'. - you will say 'y'

This will take about 3 minutes to generate.. Once generated, it will ask you:

Continue to self sign CSR and overwrite the current certificate?

All HTTPS and SSH sessions will be disconnected. [y|N] - you will say 'y'

At this point, the CIMC will be rebooted... this will take a few seconds.  You will need to reconnect to the CIMC, BUT, you will now be able to 'https://' to it at this point.

Jose