The goal of this document is to explain the procedures for integrating CloudCenter with ACI via HTTP or HTTPS. By default, the APIC is shipped with a self-generated certificate that is associated with the common name “APIC.” It is possible to integrate the APIC into a CloudCenter tenant using either the default HTTPS protocol or the non-default HTTP protocol, both of which are discussed here. To configure a custom certificate for HTTPS access to the APIC, review and follow this article. The process of creating either a self-signed or a publicly trusted certificate is outside the scope of this document.
Configuring the APIC for HTTP access:
To configure the APIC for HTTP access, navigate to Fabric -> Fabric Policies -> Pod Policies -> Policies -> Management Access -> default -> HTTP [Admin State] Enabled. Once this change is submitted, verify that the APIC responds to HTTP by navigating to the web interface (e.g. http://IP_of_APIC).
To configure the ACI Extension for the CloudCenter tenant, enter the same address for “APIC Controller URL”.
Configuring the APIC for HTTPS access:
Case 1: Default SSL certificate
To configure the ACI Extension for the CloudCenter tenant to use the APIC’s default SSL certificate, an A record must be added to the DNS zone for the “APIC” name; this matches the name assigned to the default certificate shipped with the APIC. Once the record is added, ensure that https://APIC resolves to the IP address of the APIC. This is especially important where it concerns the CloudCenter Manager. To configure the ACI extension, the default certificate must first be imported into the keystore. There is a useful utility that can facilitate this process:
Log on as root to the CloudCenter Orchestrator appliance and change to the /tmp directory.
Capture the text necessary to create the certificate (*.crt) file.
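The capture and import steps above, sketched as an added shell example; this is not the utility the article refers to and not Cisco's code. The function names are hypothetical, and the output file, keystore path and alias are assumptions that the operator supplies as arguments.

```shell
#!/usr/bin/env bash
# Added example (assumption-based): helper functions for capturing the APIC's
# certificate text and importing it into a Java keystore.

# Keep only the first PEM certificate block from `openssl s_client` output.
extract_pem() {
  awk '/-----BEGIN CERTIFICATE-----/ {on=1}
       on {print}
       /-----END CERTIFICATE-----/ {if (on) exit}'
}

# Fetch the certificate the APIC presents and save it as a .crt file.
# usage: fetch_apic_cert APIC /tmp/apic.crt
fetch_apic_cert() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
    | extract_pem > "$2"
  [ -s "$2" ]   # fail if no certificate text was captured
}

# Print subject and SHA-256 fingerprint so they can be compared with the
# certificate shown on the APIC itself before the file is trusted.
# usage: show_cert /tmp/apic.crt
show_cert() {
  openssl x509 -in "$1" -noout -subject -fingerprint -sha256
}

# Import the verified certificate. keytool displays the certificate and asks
# for confirmation and the keystore password.
# usage: import_cert /tmp/apic.crt ALIAS KEYSTORE_PATH   (operator-supplied)
import_cert() {
  keytool -importcert -alias "$2" -file "$1" -keystore "$3"
}

# Constructed sample of s_client output; the body is placeholder text,
# not a real certificate.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
depth=0 CN = APIC
---
Certificate chain
 0 s:CN = APIC
---
Server certificate
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERTIFICATE
-----END CERTIFICATE-----
subject=CN = APIC
---'
```

Run `fetch_apic_cert`, then `show_cert`, and only call `import_cert` once the subject reads CN = APIC and the fingerprint matches the one displayed by the APIC.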
To configure the ACI Extension for the CloudCenter tenant to use a certificate signed by a trusted public root CA, obtain the certificate and install it onto the APIC. Add an A record to the DNS zone for a name that matches the common name of the certificate (e.g. if the common name is apic.cisco.local, then the DNS-resolved hostname must match). Once the certificate and A record have been added, verify that the name resolves; this is particularly important in the case of the CloudCenter Manager. Since the certificate is signed by a trusted public CA, there is no requirement to import the certificate into the CloudCenter Manager’s keystore. To configure the ACI Extension for the CloudCenter tenant, enter https://DNS_Resolved_Name (e.g. https://apic.cisco.local).