We have to replace the self-signed SSL certificates that come with our C220-M3 CIMC with some server certificates from our internal CA server. Is it possible to do this? I tried importing the certificates, but an error was generated stating that the certificate couldn't be validated. I assuming that the cause of this error is the fact that the CIMC doesn't recognize our internal CA as an authority server. If this is so, then how can I import my CA's certificate in order to recognize it as an authority server?
We should be able to import certificate signed by CA. Can you please try following steps and let me know the outcome ?
What is the certificate format and do you have trust chain to your internal CA ?
I checked latest version ( 1.5.1 ) of CIMC and CSR is generated with 1024 key size.
The feature request for higher key size is tracked via
I will check if there are any work around.
Is there any update to this thread? I have also just gotten burnt by this bug - purchased a (relatively cheap) SSL certificate for it only to find that the CSR isn't accepted because the key length isn't sufficient.
I also have a wildcard certificate but that isn't able to be imported either - so I'm a bit stuck in both ways.
Seems the certificate handling is not very fully featured. Are there plans to address either of these two issues?
...and more importantly, which versions is it "fixed in" ? The bug page lists no versions.
Does TAC have access to supply a version with this fix?
Any update on this yet? I see ver.2.0(1a) is out now but can't see anything in the release notes about the key length. I'd appreciate of someone can confirm?
Sorry for the lack of clarity.
The fix for defect CSCun04933 also address the issue described in CSCud45759
Following version of published firmware has the fix for these two defects
1.5.6 for M4 servers
2.0 for M3 servers
I have updated the defects and it should reflect the changes in few hours.
Firmware - 1.5.6 has the fix. But it is only for C460 M4
For other C-Series platform we will have to wait for upcoming release 1.5.7x, which should be posted in the coming month.