This article describes the procedure to create and use 3rd party certificates on UCS for secure communication.
Access to CA Authority
Steps to configure
Configure Trust Point
Download the certificate chain from the CA authority to create Trust-Point.
Download Certificate chain from CA Authority
Please make sure encoding is set to Base 64.
The downloaded certificate chain will be in P7B format.
Convert the .p7b file to PEM format using the OpenSSL tool.
For example, on Linux, run the following command in a terminal to perform the conversion: openssl pkcs7 -print_certs -in <cert_name>.p7b -out <cert_name>.pem
Create a Trust-Point on UCSM.
Go to Admin > Key Management > Trustpoint.
When creating the Trust-Point, paste the complete contents of the .pem file created in step 2 into the certificate details space.
Creating Keyring and CSR
Go to UCSM > Admin > Key Management > Keyring.
Choose the Modulus which is needed for the 3rd party certificate.
Click on create certificate request and fill in the requested details.
Copy the contents of the request field.
To generate the certificate, paste the copied request from step 5 in the space shown below:
Once the request is submitted, a new certificate is generated. Open the file and copy the entire contents of the newly generated certificate into the certificate field on the keyring created in step 4.
Also select, from the dropdown, the Trust-Point we created in step 3.
Applying the Keyring
Select the created keyring in the communication services as shown below:
After the change in keyring, HTTPS connection to the UCSM will show up as secure in your web browser. Note: This requires the local desktop to also use the certificate from the same CA authority as the UCSM.
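The following is an added example, not part of the original article or of Cisco's tooling: shell functions that run the conversion command from the Trust-Point section and check the issued certificate before it is pasted into the keyring. All file names are hypothetical, and make_demo builds a throwaway CA and locally generated CSRs as constructed stand-ins for the real CA and the request UCSM produces.

```shell
#!/bin/sh
# Added example: pre-paste checks for the UCSM trust point and keyring.
# File names are hypothetical; the demo CA below is constructed sample data.

# Convert the CA's Base64 P7B chain to PEM (the article's command) and
# print how many certificates the resulting file contains.
p7b_to_pem() {  # usage: p7b_to_pem chain.p7b chain.pem
    openssl pkcs7 -print_certs -in "$1" -out "$2" || return 1
    grep -c 'BEGIN CERTIFICATE' "$2"
}

# Check the issued certificate before pasting it into the keyring:
#  1) it chains to the PEM that was pasted into the trust point, and
#  2) its public key equals the one in the CSR copied from the keyring.
check_keyring_cert() {  # usage: check_keyring_cert chain.pem request.csr issued.cer
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1 || { echo "chain: FAIL"; return 1; }
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 1
    [ "$csr_pub" = "$crt_pub" ] || { echo "key: FAIL (certificate is for a different CSR)"; return 1; }
    echo "OK"
}

# Constructed sample data: a throwaway CA standing in for the real CA, and
# locally generated keys/CSRs standing in for the request UCSM produces.
make_demo() {  # usage: make_demo dir
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem -subj "/CN=Demo CA" -days 1 &&
      openssl crl2pkcs7 -nocrl -certfile ca.pem -out chain.p7b &&
      openssl req -new -newkey rsa:2048 -nodes -keyout ucsm.key -out ucsm.csr -subj "/CN=ucsm.example.test" &&
      openssl req -new -newkey rsa:2048 -nodes -keyout other.key -out other.csr -subj "/CN=other.example.test" &&
      openssl x509 -req -in ucsm.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out ucsm.cer -days 1
    ) >/dev/null 2>&1
}

# Example run against the constructed data:
#   d=$(mktemp -d); make_demo "$d"
#   p7b_to_pem "$d/chain.p7b" "$d/chain.pem"
#   check_keyring_cert "$d/chain.pem" "$d/ucsm.csr" "$d/ucsm.cer"
```

A "chain: FAIL" result means the certificate was not issued by a CA in the trust point PEM; a "key: FAIL" result means it was issued for a different request than the one in this keyring.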