Cisco Systems UCSCPCIEBTG Manual De Usuario
gYEAG61CaJoJaVMhzCl903O6Mg51zq1zXcz75+VFj2I6rH9asckCld3mkOVx5gJU
Ptt5CVQpNgNLdvbDPSsXretysOhqHmp9+CLv8FDuy1CDYfuaLtvlWvfhevskV0j6
mK3Ku+YiORnv6DhxrOoqau8r/hyI/L43l7IPN1HhOi3oha4=
-----END CERTIFICATE REQUEST-----
Ptt5CVQpNgNLdvbDPSsXretysOhqHmp9+CLv8FDuy1CDYfuaLtvlWvfhevskV0j6
mK3Ku+YiORnv6DhxrOoqau8r/hyI/L43l7IPN1HhOi3oha4=
-----END CERTIFICATE REQUEST-----
Copy everything from "-----BEGIN ..."
to "END CERTIFICATE REQUEST-----",
paste to a file, send to your chosen CA for signing,
and finally upload the signed certificate via upload command.
and finally upload the signed certificate via upload command.
---OR---
Continue to self sign CSR and overwrite the current certificate?
All HTTPS and SSH sessions will be disconnected. [y|N]
All HTTPS and SSH sessions will be disconnected. [y|N]
N
What to Do Next
Perform one of the following tasks:
• If you do not want to obtain a certificate from a public certificate authority, and if your organization
does not operate its own certificate authority, you can allow CIMC to internally generate a self-signed
certificate from the CSR and upload it immediately to the server. Type y after the final prompt in the
example to perform this action.
certificate from the CSR and upload it immediately to the server. Type y after the final prompt in the
example to perform this action.
• If your organization operates its own certificate server for generating self-signed certificates, copy the
command output from "-----BEGIN ..." to "END CERTIFICATE REQUEST-----" and paste to a file
named csr.txt. Input the CSR file to your certificate server to generate a self-signed certificate.
named csr.txt. Input the CSR file to your certificate server to generate a self-signed certificate.
• If you will obtain a certificate from a public certificate authority, copy the command output from
"-----BEGIN ..." to "END CERTIFICATE REQUEST-----" and paste to a file named csr.txt. Submit the
CSR file to the certificate authority to obtain a signed certificate.
CSR file to the certificate authority to obtain a signed certificate.
If you did not use the first option, in which CIMC internally generates and uploads a self-signed certificate,
you must upload the new certificate using the upload command in certificate command mode.
you must upload the new certificate using the upload command in certificate command mode.
Creating a Self-Signed Certificate
As an alternative to using a public Certificate Authority (CA) to generate and sign a server certificate, you
can operate your own CA and sign your own certificates. This section shows commands for creating a CA
and generating a server certificate using the OpenSSL certificate server running on Linux. For detailed
information about OpenSSL, see
can operate your own CA and sign your own certificates. This section shows commands for creating a CA
and generating a server certificate using the OpenSSL certificate server running on Linux. For detailed
information about OpenSSL, see
.
These commands are to be entered on a Linux server with the OpenSSL package, not in the CIMC CLI.
Note
Before You Begin
Obtain and install a certificate server software package on a server within your organization.
Cisco UCS C-Series Servers Integrated Management Controller CLI Configuration Guide, Release 1.5
OL-28893-01
145
Managing Certificates
Creating a Self-Signed Certificate