Creating A Self-Signed Certificate - Cisco UCS C Series Configuration Manual

Integrated Management Controller GUI

Managing Certificates

Creating a Self-Signed Certificate

As an alternative to using a public Certificate Authority (CA) to generate and sign a server certificate, you
can operate your own CA and sign your own certificates. This section shows commands for creating a CA
and generating a server certificate using the OpenSSL certificate server running on Linux. For detailed
information about OpenSSL, see http://www.openssl.org.
Note: These commands are to be entered on a Linux server with the OpenSSL package, not in the CIMC CLI.
Before You Begin
Obtain and install a certificate server software package on a server within your organization.
Procedure

Step 1
Command or Action:
openssl genrsa -out CA_keyfilename keysize
Example:
# openssl genrsa -out ca.key 1024
Purpose:
This command generates an RSA private key that will be used by the CA.
Note: To allow the CA to access the key without user input, do not use the -des3 option for this command.
The specified file name contains an RSA key of the specified key size.

Step 2
Command or Action:
openssl req -new -x509 -days numdays -key CA_keyfilename -out CA_certfilename
Example:
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Purpose:
This command generates a new self-signed certificate for the CA using the specified key. The certificate is valid for the specified period. The command prompts the user for additional certificate information.
The certificate server is an active CA.

Step 3
Command or Action:
echo "nsCertType = server" > openssl.conf
Example:
# echo "nsCertType = server" > openssl.conf
Purpose:
This command adds a line to the OpenSSL configuration file to designate the certificate as a server-only certificate. This designation is a defense against a man-in-the-middle attack, in which an authorized client attempts to impersonate the server.
The OpenSSL configuration file openssl.conf contains the statement "nsCertType = server".

Step 4
Command or Action:
openssl x509 -req -days numdays -in CSR_filename -CA CA_certfilename -set_serial 04 -CAkey CA_keyfilename -out server_certfilename -extfile openssl.conf
Example:
# openssl x509 -req -days 365 -in csr.txt -CA ca.crt -set_serial 04
Purpose:
This command directs the CA to use your CSR file to generate a server certificate.
Your server certificate is contained in the output file.

Cisco UCS C-Series Servers Integrated Management Controller GUI Configuration Guide, Release 1.1(2)
OL-22894-01
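The four steps above, run end to end and then checked, as an added example that is not part of the Cisco guide. The subject names, server.key, server.crt and the locally generated stand-in CSR are assumptions; the CA key is generated at 2048 bits because the 1024-bit size in the manual's example is below current minimum RSA key-size recommendations.

```shell
#!/bin/sh
# Added example (not from the Cisco guide). ca.key, ca.crt, csr.txt and
# openssl.conf follow the manual; server.key, server.crt and the subject
# names are assumptions made for this example.

# issue_server_cert DIR: run steps 1-4 in DIR against a stand-in CSR.
issue_server_cert() (
    cd "$1" &&
    # Step 1: CA private key (2048 bits here; the manual's example uses 1024).
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    # Step 2: self-signed CA certificate; -subj replaces the prompts.
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
        -subj "/CN=Example Lab CA" &&
    # Step 3: extension file marking issued certificates as server-only.
    echo "nsCertType = server" > openssl.conf &&
    # Constructed stand-in for the CSR normally generated on the CIMC.
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key \
        -out csr.txt -subj "/CN=cimc.example.test" 2>/dev/null &&
    # Step 4: sign the CSR with the CA key, applying the extension file.
    openssl x509 -req -days 365 -in csr.txt -CA ca.crt -set_serial 04 \
        -CAkey ca.key -out server.crt -extfile openssl.conf 2>/dev/null
)

# chain_ok DIR: succeeds only if server.crt verifies against ca.crt.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# purpose_of CERT NAME: prints Yes or No for a purpose such as "SSL server",
# taken from the purpose table that "openssl x509 -purpose" reports.
purpose_of() {
    openssl x509 -in "$1" -noout -purpose | sed -n "s/^$2 : //p"
}

demo_dir=$(mktemp -d)
issue_server_cert "$demo_dir"
chain_ok "$demo_dir" && echo "chain: ok"
echo "SSL server: $(purpose_of "$demo_dir/server.crt" 'SSL server')"
echo "SSL client: $(purpose_of "$demo_dir/server.crt" 'SSL client')"
```

The "No" reported for SSL client is the effect of the nsCertType = server line written in step 3: the issued certificate is accepted for server use only.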


This manual is also suitable for: UCS C200, UCS C250, UCS C210, UCS C460
