UCS Central Best Practice Guide --- Updated for Release 1.2(1a)

Raphael · ‎02-18-2015

Hello everybody

Has anyone set up a UCSM and UCSC both with 3rd party certificates? (using Microsoft Certificate Server)
UCSC = UCS Central

In the documentation, it says that one needs to create a certificate with the usage "certificate signing". One has to create the new cert for UCSC with the template "subordinate certification authority".

http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-central/users-manual/1-2/b_CiscoUCSCentral-Software-UserManual-Release1-2/b_CiscoUCSCentral-Software-UserManual-Release1-2_chapter_011.html#concept_5CDA8BD5B53B457AB9F62D3041AA5A01

So if I understand that correctly, then we basically create a new Sub CA, just for UCSC. Is that correct?

Does anyone know more details about that?

What are the implications of doing that? The customer is a bit anxious about that. Is it no problem at all or is it necessary to involve a MS expert for proper setup and configuration regarding all the rest of the PKI?

Any help in insight is very much appreciated.

Thank you :-)

Walter Dey · ‎02-19-2015

Do you know

19. Appendix I (Certificate Troubleshooting)

https://communities.cisco.com/docs/DOC-35264

UCS Central Best Practice Guide --- Updated for Release 1.2(1a)

Raphael · ‎02-20-2015

Hello Walter

Thank you for the input but that document does not help. It checked it before posting.

Right now in UCSC 1.2 when using 3rd party certs with an Enterprise CA, you really need a special cert for UCSC with the capability of certificate signing.

The other option is to stick with the default built in cert.

UCSC 3rd party certificates, subordinate CA

UCS Central Best Practice Guide --- Updated for Release 1.2(1a)