
CIMC certificate import error

Steve Galambos
Level 1

I'm trying to set up the UCS stand-alone Nagios plugin to monitor our C240M3, which uses the XML API to read sensor data. When I try to use the plugin with the self-signed CIMC certificate I get an SSL error, so I figured no problem, I'll generate a cert for the CIMC from our internal CA. I generated a CSR in the CIMC web UI per the instructions and issued the cert from our CA, but I'm having issues importing the certificate.

I've tried both a DER and a B64 encoded .cer file, and I've also tried importing the chain in a .p7b file, and I get "Certificate Upload Failed. Cannot validate" from the CIMC each time.

As I mentioned, I'm trying this on a C240M3 and it's running v 2.0.1(a). I know 2.0.1(b) is out, but I didn't see anything regarding SSL certs in the release notes, and we're a 24/7 facility, so it'd be at least a couple of weeks before I can schedule the downtime to perform the update.

Accepted Solutions

Reuben Farrelly
Level 3

I ran into something very similar recently when trying to sign and upload a third-party (public CA) PositiveSSL certificate. It was failing to upload, and TAC determined it was due to the presence of an Extended Key Usage (EKU) attribute, namely "SSL client : Yes".

See https://tools.cisco.com/bugsearch/bug/CSCup26248

If this is the same bug you are running into, I suggest you open a TAC case and have it linked to this Bug ID. This gives Cisco a better indication of the number of people impacted, and the more priority it will get insofar as getting fixed.

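To see whether an issued certificate carries the client-authentication EKU attribute described in the answer above, the certificate can be inspected with OpenSSL before it is uploaded. This is an added example, not part of the original posts; the function names, the temporary file names and the `cimc.example.invalid` subject are assumptions, and the two sample certificates are constructed locally as throwaway self-signed certs.

```shell
#!/bin/sh
# Added example: inspect a certificate's Extended Key Usage (EKU).
# Assumes OpenSSL 1.1.1 or later is installed (for req -addext).

# Print the certificate as text; accepts PEM (B64) or DER encoded input.
cert_text() {
    openssl x509 -in "$1" -noout -text 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -noout -text 2>/dev/null
}

# Exit 0 if the EKU extension lists TLS client authentication
# (OID 1.3.6.1.5.5.7.3.2), non-zero otherwise.
has_client_eku() {
    cert_text "$1" | grep -q 'TLS Web Client Authentication'
}

# One-line verdict for a certificate file.
eku_report() {
    if has_client_eku "$1"; then
        echo "$1: EKU includes client authentication"
    else
        echo "$1: no client authentication EKU"
    fi
}

# Constructed sample: short-lived self-signed cert with the given EKU list.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=cimc.example.invalid' \
        -keyout "$1.key" -out "$1" \
        -addext "extendedKeyUsage=$2" 2>/dev/null
}

# Demo on two constructed certificates.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/server_and_client.pem" serverAuth,clientAuth
make_sample "$demo_dir/server_only.pem" serverAuth
eku_report "$demo_dir/server_and_client.pem"
eku_report "$demo_dir/server_only.pem"
rm -rf "$demo_dir"
```

For a real check, call `eku_report` on the `.cer` file issued by the CA instead of the constructed samples.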

2 Replies

It seems to be the same issue, so I submitted a case referencing the bug ID you linked to, and I'll request they link the case to the bug once they contact me.
