Install Trusted SSL Certificate in Cisco UCS Manager
derekseaman.com/2012/04/install-trusted-ssl-certificate-in.html
One of the tasks you should complete during the installation of the Cisco UCS Manager is configuring the Fabric Interconnects with a trusted SSL certificate. The procedure is straight forward, and only needs to be completed once, since the two Fabric Interconnects are clustered and the configuration is replicated between the two devices. In my example I’m using a Windows Server 2008 R2 Certificate Authority, but any CA should work, but the steps will vary a bit.
1. Login to your Windows CA web services site (https://yourCA/certsrv) and click on Download a CA certificate, certificate chain, or CRL.
2. On the next screen select the current root certificate, Base 64 encoding, and then click on Download CA certificate chain.
3. Save the P7B certificate file and open it in a text editor such as Notepad. Paste the contents of the file to the clipboard.
4. Login to the Cisco UCSM and click on the Admin tab. Right click on Key Management and select Create Trusted Point. Enter a name for this trust point, such as the name of your CA. Then paste the contents of the clipboard into the certificate chain window. Click OK. 5. Right click on Key Management and select Create Key Ring. Enter a keyring name, and select the modulus (I’d pick 2048). Left click on the new keyring and then click on Create Certificate Request. In the certificate request fill out the information appropriate. Use the FQDN for the “DNS” field and for the “Subject” name use the short hostname. The IP address should be the UCSM VIP (cluster) IP address. Click OK. 6. In the next window copy the request text to the clipboard. Login to your Windows CA then click on Request a certificate, advanced certificate request, then submit a certificate request by using a base-64 encoded CMC of PKCS#10 file. Paste the certificate request into the window provided, and select the appropriate certificate template, such as web server.
1/2
7. Download the certificate as Base 64 encoded, open it innotepad, then copy the contents to
derekseaman.com/2012/04/install-trusted-ssl-certificate-in.html
One of the tasks you should complete during the installation of the Cisco UCS Manager is configuring the Fabric Interconnects with a trusted SSL certificate. The procedure is straight forward, and only needs to be completed once, since the two Fabric Interconnects are clustered and the configuration is replicated between the two devices. In my example I’m using a Windows Server 2008 R2 Certificate Authority, but any CA should work, but the steps will vary a bit.
1. Login to your Windows CA web services site (https://yourCA/certsrv) and click on Download a CA certificate, certificate chain, or CRL.
2. On the next screen select the current root certificate, Base 64 encoding, and then click on Download CA certificate chain.
3. Save the P7B certificate file and open it in a text editor such as Notepad. Paste the contents of the file to the clipboard.
4. Login to the Cisco UCSM and click on the Admin tab. Right click on Key Management and select Create Trusted Point. Enter a name for this trust point, such as the name of your CA. Then paste the contents of the clipboard into the certificate chain window. Click OK. 5. Right click on Key Management and select Create Key Ring. Enter a keyring name, and select the modulus (I’d pick 2048). Left click on the new keyring and then click on Create Certificate Request. In the certificate request fill out the information appropriate. Use the FQDN for the “DNS” field and for the “Subject” name use the short hostname. The IP address should be the UCSM VIP (cluster) IP address. Click OK. 6. In the next window copy the request text to the clipboard. Login to your Windows CA then click on Request a certificate, advanced certificate request, then submit a certificate request by using a base-64 encoded CMC of PKCS#10 file. Paste the certificate request into the window provided, and select the appropriate certificate template, such as web server.
1/2
7. Download the certificate as Base 64 encoded, open it innotepad, then copy the contents to
No comments:
Post a Comment