
CIMC intermediate SSL certificates

BenCastricum
Level 1

Cisco Integrated Management Controller Version : 4.1(3h)
We are trying to get a properly functioning SSL connection for the web interface on the CIMC. We succeeded in uploading the private key, and corresponding end entity certificate. After activating those, they are also properly used for the connection. But still we cannot validate the connection, because the certificate is not signed by a Root CA, but one CA below it. To make chain validation work, the intermediate certificate of the CA needs to be added to the chain the CIMC offers.

I was unable to find a way to upload such a certificate, or any documentation of such a process.

So, how do I add an intermediate certificate to my CIMC for SSL connections?


balaji.bandi
Hall of Fame

If you like, you can download the CA cert from your browser:

Follow the guide below:

 

https://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-c-series-rack-servers/200666-UCS-Install-server-certificate-to-CIMC.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I read that one, but it does not contain any clues on uploading CA / intermediate certificates.

Is this a local CA?

 

BB


Local as in our company, yes. So the chain to validate the certificate chain is:

 

  1. Company Root CA Certificate
  2. Company CA Certificate
  3. Server Certificate

 

The CIMC needs to include the 2nd one too when setting up the HTTPS connection.

Was there ever a solution for this? We are currently in this same boat at the moment with HTTPS certificates. We have combined the certificates into one single chain .crt file to upload but we are running into a file limitation (5KB) issue. Our .crt file is 5.24KB. 

No, unfortunately not. We still need to use security exceptions to connect to our CIMCs.

I've had the same issue; the web GUI seems to have a 5k limitation.
However, the CIMC CLI does not.
The following procedure works with a machine and intermediate CA certificate:

1) ssh into cimc
2) scope certificate
3) upload-paste-external-certificate
--> paste machine and intermediate ca certificate
4) upload-paste-external-private-key
--> paste private key
5) activate-external-certificate
--> your session will terminate and the cimc services for https/ssl will reload.

This is tested on c220m4 with 4.1(2k)
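
An added example, not part of the original posts or of Cisco's documentation: a pre-flight check, run on an admin workstation with OpenSSL, that the PEM text to be pasted in step 3 has the server certificate first, contains the intermediate, matches the private key and validates to the company root. The function names, file names and the throwaway sample PKI are constructed for illustration.

```bash
#!/usr/bin/env bash
# Pre-flight check for the PEM text pasted at upload-paste-external-certificate.
# The PKI built by make_sample_pki is constructed sample data, not a real CA.

make_sample_pki() {   # $1 = empty working directory
  local d="$1"
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
    -subj "/CN=Sample Company Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=Sample Company CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -days 2 -extfile "$d/ca.cnf" -extensions ca -out "$d/int.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=cimc.example.test" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -days 2 -out "$d/server.pem" 2>/dev/null
}

check_bundle() {      # $1 = bundle (server cert first), $2 = private key, $3 = root CA
  local bundle="$1" key="$2" root="$3" tmp count cert_pub key_pub msg=OK
  tmp=$(mktemp -d) || return 2
  # Split the bundle into one file per certificate, keeping the pasted order.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/c" n ".pem")}' "$bundle"
  count=$(find "$tmp" -name 'c*.pem' | wc -l | tr -d ' ')
  cert_pub=$(openssl x509 -in "$tmp/c1.pem" -noout -pubkey 2>/dev/null) || cert_pub=""
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
  if [ "$count" -lt 2 ]; then
    msg="no intermediate certificate in bundle"
  elif [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    msg="first certificate does not match the private key"
  # Only the root is trusted; the intermediate must come from the bundle itself.
  elif ! openssl verify -CAfile "$root" -untrusted "$bundle" "$tmp/c1.pem" >/dev/null 2>&1; then
    msg="chain does not validate to the root CA"
  fi
  rm -rf "$tmp"
  echo "$msg"; [ "$msg" = OK ]
}

# Demo: server + intermediate passes; the server certificate alone fails.
work=$(mktemp -d) && make_sample_pki "$work"
cat "$work/server.pem" "$work/int.pem" > "$work/bundle.pem"
check_bundle "$work/bundle.pem" "$work/server.key" "$work/root.pem"
check_bundle "$work/server.pem" "$work/server.key" "$work/root.pem" || true
```

After step 5, `openssl s_client -connect <cimc-host>:443 -showcerts` from a client shows whether the CIMC now presents both certificates.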
