diff --git a/confluent_server/confluent/certutil.py b/confluent_server/confluent/certutil.py
index 171da273..27dd135c 100644
--- a/confluent_server/confluent/certutil.py
+++ b/confluent_server/confluent/certutil.py
@@ -1,4 +1,10 @@
 import os
+if __name__ == '__main__':
+    import sys
+    path = os.path.dirname(os.path.realpath(__file__))
+    path = os.path.realpath(os.path.join(path, '..'))
+    if path.startswith('/opt'):
+        sys.path.append(path)
 import confluent.collective.manager as collective
 import confluent.util as util
 from os.path import exists
@@ -443,6 +449,7 @@ async def create_certificate(keyout=None, certout=None, csrfile=None, subj=None,
 
 if __name__ == '__main__':
     import sys
+    import ipaddress
     outdir = os.getcwd()
     keyout = os.path.join(outdir, 'key.pem')
     certout = os.path.join(outdir, 'cert.pem')
@@ -457,6 +464,20 @@ if __name__ == '__main__':
         subj, san = util.get_bmc_subject_san(c, bmcnode)
     except ValueError:
         bindex = None
+    if subj is None:
+        try:
+            sans = set()
+            sindex = sys.argv.index('-s')
+            subj = sys.argv.pop(sindex + 1)  # Remove subject argument
+            sys.argv.pop(sindex)      # Remove -s flag
+            try:
+                ipaddress.ip_address(subj)
+                sans.add('IP:{0}'.format(subj))
+            except ValueError:
+                sans.add('DNS:{0}'.format(subj))
+            san = ','.join(sans) if sans else None
+        except ValueError:
+            pass
     try:
         csrout = sys.argv[1]
     except IndexError:
diff --git a/misc/setupnokia.sh b/misc/setupnokia.sh
new file mode 100644
index 00000000..5b3d0ca0
--- /dev/null
+++ b/misc/setupnokia.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+if [[ -z "$SWITCHUSER" || -z "$SWITCHPASS" ]]; then
+    echo "Error: SWITCHUSER and SWITCHPASS environment variables must be set"
+    exit 1
+fi
+
+if [[ $# -eq 0 ]]; then
+    echo "Error: At least one argument is required"
+    exit 1
+fi
+
+SWITCHNAME="$1"
+
+# Create temporary SSH ASKPASS script
+ASKPASS_SCRIPT=$(mktemp)
+trap "rm -f $ASKPASS_SCRIPT" EXIT
+
+cat > "$ASKPASS_SCRIPT" << 'EOF'
+#!/bin/bash
+echo "$SWITCHPASS"
+EOF
+
+chmod 700 "$ASKPASS_SCRIPT"
+
+# Set SSH_ASKPASS environment variable
+export SSH_ASKPASS="$ASKPASS_SCRIPT"
+export SSH_ASKPASS_REQUIRE=force
+export DISPLAY=none
+
+CERTDIR=$(mktemp -d)
+trap "rm -rf $CERTDIR" EXIT
+cd "$CERTDIR"
+python3 /opt/confluent/lib/python/confluent/certutil.py -s "$SWITCHNAME"
+setsid ssh $SWITCHUSER@"$SWITCHNAME" <<EOC
+enter candidate exclusive
+/ system json-rpc-server admin-state enable
+/ system tls server-profile fullcert key "$(<$CERTDIR/key.pem)"
+/ system tls server-profile fullcert certificate "$(<$CERTDIR/cert.pem)"
+/ system json-rpc-server network-instance mgmt https admin-state enable
+/ system json-rpc-server network-instance mgmt https tls-profile fullcert
+commit save
+EOC