Cisco: You must create new UCSPE 2.1(3a) and 2.2(1b) with valid certificate

jmunk · ‎05-19-2014

Both UCSPE 2.1(3a) and 2.2(1b) are using a Verisign "RA certificate" as basis for their self signed certificate
However this certificate has run out on May 13th 2014
In a "real" UCSM You can create a Key Ring with certificate from Your corporate or 3. party trusted CA and solve the issue this way (You should of course always do this, when You take our UCS system into operation. I am sure that many other companies, than the ones I work for will "wake up" now and get busy creating such a key ring)
However in neither UCSPE 2.1(3a) nor UCSPE 2.2(1b) this function work. When I have written the information needed for my Key Ring certificate request, and press next, then the page with the Base64 encoded Certificate Request data simply does not appear.
In effect it is not possible to get a valid SSL certificate on UCSPE 2.1(3a) and 2.2(1b) which is obviously critical.
Java 7.55 rejects any HTTPS session to UCSPE, and most likely registration at UCS Central will fail
Look forward to a solution
(So my previous debate / question "Cisco: You need to create new UCSPE 2.2(1b)..." is actually not answered, however I cannot remove the "answered" mark)

BR

Jesper

-

shasridh · ‎06-05-2014

Hi Jesper,

Yes, we are aware of the certificate that has expired on May 13th 2014 and the issues with it. The fix for this is in the latest build that we will be posting in a day or two. I would recommend using it.

There are talks to rebuild UCSPE 2.1(3a) and 2.2(1b) with the fix. But i am not sure of it currently.

Regards,

Sharan Sridhar