ā11-20-2012 06:42 AM - edited ā03-01-2019 10:43 AM
We have to replace the self-signed SSL certificates that come with our C220-M3 CIMC with some server certificates from our internal CA server. Is it possible to do this? I tried importing the certificates, but an error was generated stating that the certificate couldn't be validated. I assuming that the cause of this error is the fact that the CIMC doesn't recognize our internal CA as an authority server. If this is so, then how can I import my CA's certificate in order to recognize it as an authority server?
ā11-25-2012 10:31 PM
Hello David,
We should be able to import certificate signed by CA. Can you please try following steps and let me know the outcome ?
What is the certificate format and do you have trust chain to your internal CA ?
Padma
ā04-01-2013 11:50 AM
Does Anyone know if you can use 2048 encryption instead of 1024? Our CA is only accepting 2048 CSRs. Thanks
ā04-02-2013 01:41 AM
Hello Edwin,
I checked latest version ( 1.5.1 ) of CIMC and CSR is generated with 1024 key size.
The feature request for higher key size is tracked via
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud45759
I will check if there are any work around.
Padma
ā03-19-2014 04:50 AM
Hi Padma
Is there any update to this thread? I have also just gotten burnt by this bug - purchased a (relatively cheap) SSL certificate for it only to find that the CSR isn't accepted because the key length isn't sufficient.
I also have a wildcard certificate but that isn't able to be imported either - so I'm a bit stuck in both ways.
Seems the certificate handling is not very fully featured. Are there plans to address either of these two issues?
Thanks,
Reuben
ā04-14-2014 06:11 AM
Nope, still not working, checked with the latest version for C220 (1.5.4e) today .....
Why is the status set to "fixed" ????
ā04-14-2014 06:23 AM
...and more importantly, which versions is it "fixed in" ? The bug page lists no versions.
Does TAC have access to supply a version with this fix?
ā04-22-2014 01:05 PM
I will follow up with Development Team and get back
Thanks,
Vishal Mehta
Cisco TAC
ā05-21-2014 05:41 AM
Any update on this yet? I see ver.2.0(1a) is out now but can't see anything in the release notes about the key length. I'd appreciate of someone can confirm?
Thanks,
Johan
ā05-21-2014 06:23 AM
Hello All,
Sorry for the lack of clarity.
The fix for defect CSCun04933 also address the issue described in CSCud45759
Following version of published firmware has the fix for these two defects
1.5.6 for M4 servers
2.0 for M3 servers
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/release/notes/OL-32141-01.html#pgfId-616919
I have updated the defects and it should reflect the changes in few hours.
Thanks
Padma
ā04-23-2014 04:15 PM
Firmware - 1.5.6 has the fix. But it is only for C460 M4
For other C-Series platform we will have to wait for upcoming release 1.5.7x, which should be posted in the coming month.
ā04-22-2014 01:04 PM
I will follow up with Development Team and get back
Thanks,
Vishal Mehta
Cisco TAC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide