Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3342
Views
5
Helpful
2
Replies

CIMC certificate import error

Go to solution
Steve Galambos
Level 1
Level 1

‎08-18-2014 11:40 AM - edited ‎03-01-2019 11:48 AM

I'm trying to setup the UCS stand-alone Nagios plugin to monitor our C240M3 which uses the XML API to read sensor data, when I try to use the plugin with the self-signed CIMC certificate I get SSL error, so I figured no problem I'll generate a cert for the CIMC from our internal CA. I generated a CSR in the CIMC webUI per the instructions, and issued the cert from our CA, but I'm having issues importing the certificate.

 

I've tried both a DER and B64 encoded .cer file and I've also tried importing the chain in a .p7b file and I get "Certificate Upload Failed. Cannot validate" from the CIMC each time.

As I mentioned I'm trying this on a C240M3 and it's running v 2.0.1(a) I know 2.0.1(b) is out, but I didn't see anything regarding SSL certs in the release notes and we're a 24/7 facility so it'd be at least a couple weeks before I can schedule the downtime to perform the update.

3 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reuben Farrelly
Level 3
Level 3

‎08-18-2014 08:05 PM

I ran into something very similar recently when trying to sign and upload a third party (public CA) PositiveSSL certificate.  It was failing to upload, and TAC determined it was due to the presence of an Extended Key Usage (EKU) attribute, namely "SSL client : Yes".

See https://tools.cisco.com/bugsearch/bug/CSCup26248

If this is the same bug you are running into, I suggest you open a TAC case and have it linked to this Bug ID.  This gives Cisco a better indication of the number of people impacted, and the more priority it will get in so far as getting fixed.

View solution in original post

2 Replies 2

Go to solution
Reuben Farrelly
Level 3
Level 3

‎08-18-2014 08:05 PM

I ran into something very similar recently when trying to sign and upload a third party (public CA) PositiveSSL certificate.  It was failing to upload, and TAC determined it was due to the presence of an Extended Key Usage (EKU) attribute, namely "SSL client : Yes".

See https://tools.cisco.com/bugsearch/bug/CSCup26248

If this is the same bug you are running into, I suggest you open a TAC case and have it linked to this Bug ID.  This gives Cisco a better indication of the number of people impacted, and the more priority it will get in so far as getting fixed.

Go to solution
Steve Galambos
Level 1
Level 1
In response to Reuben Farrelly

‎08-19-2014 08:33 AM

It seems to be the same issue, so I submitted a case referencing the bug ID you linked to, and I'll request they link the case to the bug once they contact me.

0 Helpful

Review Cisco Networking for a $25 gift card

Review Cisco Networking for a $25 gift card
Top