Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
847
Views
0
Helpful
2
Replies

b-series certificates to outband cimc connections

raven428c
Level 1
Level 1

‎02-21-2017 06:13 AM - edited ‎03-01-2019 01:04 PM

I installed custom certificate to UCS 3.1(1l) for https connection, and got green lock at chrome status bar by adding my own certificate authority to system trust. But when I try to launch vKVM or Java version of UCS Manager I still got expired certificate:

uexpired certificatecs

When I do direct https connection to outband management IP of any server, I also get self signed certificates and warnings.

How to sign all UCS Manager certificates by my own CA? I would like walk to my servers without any warnings.

0 Helpful
2 Replies 2

Kirk J
Cisco Employee
Cisco Employee

‎02-21-2017 08:02 AM

The KVM certificates are internal only, and are not modifiable.

On the C series, where there is an HTML5 based KVM, I'm not sure if this will change.

Will post more after researching that.

Please keep in mind the CIMC ip address (the KVM runs off of ) in a blade is subject to change(i.e. decom/re-eack) and certificates that don't match the IP/name are still going to give you errors, even if there was a mechanism to insert yours.

Thanks,

Kirk...

0 Helpful

Kirk J
Cisco Employee
Cisco Employee
In response to Kirk J

‎02-21-2017 12:20 PM

I tested a M4 C series server running 3.01c, and the HTML5 KVM reported the updated certificate after I changed it for the CIMC.  I am "assuming" an external CA based certificate would behave the same in this scenario.

I doubt that Java based KVM certs will get this functionality.

Thanks,

Kirk...

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Review Cisco Networking for a $25 gift card