Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CIMC certificate import error

I'm trying to setup the UCS stand-alone Nagios plugin to monitor our C240M3 which uses the XML API to read sensor data, when I try to use the plugin with the self-signed CIMC certificate I get SSL error, so I figured no problem I'll generate a cert for the CIMC from our internal CA. I generated a CSR in the CIMC webUI per the instructions, and issued the cert from our CA, but I'm having issues importing the certificate.

 

I've tried both a DER and B64 encoded .cer file and I've also tried importing the chain in a .p7b file and I get "Certificate Upload Failed. Cannot validate" from the CIMC each time.

As I mentioned I'm trying this on a C240M3 and it's running v 2.0.1(a) I know 2.0.1(b) is out, but I didn't see anything regarding SSL certs in the release notes and we're a 24/7 facility so it'd be at least a couple weeks before I can schedule the downtime to perform the update.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions

I ran into something very

I ran into something very similar recently when trying to sign and upload a third party (public CA) PositiveSSL certificate.  It was failing to upload, and TAC determined it was due to the presence of an Extended Key Usage (EKU) attribute, namely "SSL client : Yes".

See https://tools.cisco.com/bugsearch/bug/CSCup26248

If this is the same bug you are running into, I suggest you open a TAC case and have it linked to this Bug ID.  This gives Cisco a better indication of the number of people impacted, and the more priority it will get in so far as getting fixed.

2 REPLIES

I ran into something very

I ran into something very similar recently when trying to sign and upload a third party (public CA) PositiveSSL certificate.  It was failing to upload, and TAC determined it was due to the presence of an Extended Key Usage (EKU) attribute, namely "SSL client : Yes".

See https://tools.cisco.com/bugsearch/bug/CSCup26248

If this is the same bug you are running into, I suggest you open a TAC case and have it linked to this Bug ID.  This gives Cisco a better indication of the number of people impacted, and the more priority it will get in so far as getting fixed.

New Member

It seems to be the same issue

It seems to be the same issue, so I submitted a case referencing the bug ID you linked to, and I'll request they link the case to the bug once they contact me.

421
Views
5
Helpful
2
Replies