Importing CIMC SSL Server Certificate using internal CA

dbrown
Level 1

We have to replace the self-signed SSL certificates that come with our C220-M3 CIMC with some server certificates from our internal CA server. Is it possible to do this? I tried importing the certificates, but an error was generated stating that the certificate couldn't be validated. I am assuming that the cause of this error is the fact that the CIMC doesn't recognize our internal CA as an authority server. If this is so, then how can I import my CA's certificate in order to recognize it as an authority server?

11 Replies

padramas
Cisco Employee

Hello David,

We should be able to import a certificate signed by a CA. Can you please try the following steps and let me know the outcome?

http://www.cisco.com/en/US/docs/unified_computing/ucs/c/sw/gui/config/guide/1.4.1/b_Cisco_UCS_C-Series_GUI_Configuration_Guide_141_chapter_01011.html

What is the certificate format, and do you have a trust chain to your internal CA?

Padma

Does anyone know if you can use 2048 encryption instead of 1024? Our CA is only accepting 2048 CSRs. Thanks

Hello Edwin,

I checked the latest version (1.5.1) of CIMC and the CSR is generated with a 1024 key size.

The feature request for higher key size is tracked via

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud45759

I will check if there is any workaround.

Padma

Hi Padma

Is there any update to this thread?  I have also just gotten burnt by this bug - purchased a (relatively cheap) SSL certificate for it only to find that the CSR isn't accepted because the key length isn't sufficient.

I also have a wildcard certificate but that isn't able to be imported either - so I'm a bit stuck in both ways.

Seems the certificate handling is not very fully featured.  Are there plans to address either of these two issues?

Thanks,

Reuben

Nope, still not working, checked with the latest version for C220 (1.5.4e) today .....

Why is the status set to "fixed" ????

...and more importantly, which versions is it "fixed in" ?  The bug page lists no versions.

Does TAC have access to supply a version with this fix?

I will follow up with the Development Team and get back.

Thanks,

Vishal Mehta

Cisco TAC

Any update on this yet? I see ver. 2.0(1a) is out now but can't see anything in the release notes about the key length. I'd appreciate it if someone can confirm.

Thanks,

Johan

Hello All,

Sorry for the lack of clarity. 

The fix for defect CSCun04933 also addresses the issue described in CSCud45759.

The following versions of published firmware have the fix for these two defects:

1.5.6 for M4 servers

2.0 for M3 servers

http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/release/notes/OL-32141-01.html#pgfId-616919

I have updated the defects and it should reflect the changes in a few hours.

Thanks
Padma

Firmware - 1.5.6 has the fix. But it is only for C460 M4.

For other C-Series platforms we will have to wait for the upcoming release 1.5.7x, which should be posted in the coming month.
