Create and Use Third Party Certificate on UCSM

Available Languages

Download Options

  • PDF     (940.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (1.1 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (414.4 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:June 8, 2023
Document ID:213523

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the procedure to create and use third party certificates on Unified Computing System (UCS) for secure communication.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Access to CA Authority
    • UCSM 3.1

    Components Used

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Steps to Configure

    Configure Trust Point

    Step 1

    • Download the certificate chain from the CA authority to create Trust-Point. Refer to http://localhost/certsrv/Default.asp within the Cert Server.
    • Make sure encoding is set to Base 64. 

    Download Certificate Chain from CA AuthorityDownload Certificate chain from CA Authority

    Step 2

    • The downloaded certificate-chain is in PB7 format.

    Chain Download

    • Convert the .pb7 file to PEM format with OpenSSL tool.
    • For example, in Linux, you can run this command in terminal to perform the conversion- openssl pkcs7 -print_certs -in <cert_name>.p7b -out <cert_name>.pem.

    Step 3

    • Create a Trust-Point on UCSM.
    • Navigate to Admin > Key Management > Trustpoint.
    • When you create the Trust-point, paste the complete contents of the .PEM file created in step 2 of this section in the certificate details space.

    TP Creation

    Create Keyring and CSR 

    Step 1

    • Navigate to UCSM > Admin > Key Management > Keyring.
    • Choose the Modulus which is needed for the third party certificate.

    Create Keyring

    Step 2

    • Click create certificate request and fill in the requested details.
    • Copy the contents of the request field.

    Keyring Request

    Step 3

    To generate the certificate, paste the copied request from step 2 in the space shown below:

    Certificate Request

    Step 4

    • Once submitted, a new certificate is generated. Open the file and copy all the contents of newly generated certificate in the certificate field on keyring created in step 1 of this section.

    New Certificate Created

    • Choose the trust-point from the dropdown created in step 3 of Create Keyring and CSR.

    Apply the Keyring

    Step 1

    Choose the created keyring in the communication services as shown below:

    Choose the Created Keyring in Communication Services

    After the change in keyring, HTTPS connection to the UCSM shows up as secure in your web browser.

    note-icon

    Note: This requires the local desktop to also use the certificate from the same CA authority as the UCSM.

      HTTP Connection to the UCSM Shows Up as Secure in Web Browser

    Related Information

    Revision History

    Revision Publish Date Comments
    2.0
    08-Jun-2023
    Added Table of Contents and Related Information section Updated Title, Introduction, Alt Text, Style Requirements, Machine Translation and Formatting.
    1.0
    13-Aug-2018
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Yash Aggarwal
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products