to 2048 bits. In general, a longer key is more secure than a shorter key. Cisco UCS Manager provides a default
key ring with an initial 1024-bit key pair, and allows you to create additional key rings.
The default key ring certificate must be manually regenerated if the cluster name changes or the certificate
expires.
This operation is only available in the UCS Manager CLI.
Certificates
To prepare for secure communications, two devices first exchange their digital certificates. A certificate is a
file containing a device's public key along with signed information about the device's identity. To merely
support encrypted communications, a device can generate its own key pair and its own self-signed certificate.
When a remote user connects to a device that presents a self-signed certificate, the user has no easy method
to verify the identity of the device, and the user's browser will initially display an authentication warning. By
default, Cisco UCS Manager contains a built-in self-signed certificate containing the public key from the
default key ring.
Trusted Points
To provide stronger authentication for Cisco UCS Manager, you can obtain and install a third-party certificate
from a trusted source, or trusted point, that affirms the identity of your device. The third-party certificate is
signed by the issuing trusted point, which can be a root certificate authority (CA) or an intermediate CA or
trust anchor that is part of a trust chain that leads to a root CA. To obtain a new certificate, you must generate
a certificate request through Cisco UCS Manager and submit the request to a trusted point.
Important: The certificate must be in Base64 encoded X.509 (CER) format.
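A check for the properties this section describes, written as an added example (not part of the Cisco guide): given a certificate file, it confirms the Base64 encoded X.509 format, reports the RSA key length, and flags a self-signed certificate. It assumes the openssl command-line tool is installed; the function names and the 2048-bit floor in MIN_BITS are choices of the example.

```shell
#!/bin/sh
# Added example (not Cisco code): audit a certificate file against the points
# in this section. Function names and MIN_BITS are assumptions of the example.
MIN_BITS=${MIN_BITS:-2048}   # assumed policy floor, not a value from the guide

# True if the file is Base64 (PEM) encoded X.509 rather than binary DER.
is_base64_x509() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# Print the public key length in bits (the RSA modulus size), e.g. 1024.
key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# True if subject and issuer names match (name comparison only; it does not
# verify the signature).
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# Return 0 if clean, 1 if warnings were raised, 2 if the file is unusable.
audit_cert() {
    cert=$1
    status=0
    if ! is_base64_x509 "$cert"; then
        echo "FAIL: $cert is not a Base64 encoded X.509 certificate"
        return 2
    fi
    bits=$(key_bits "$cert")
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "WARN: ${bits:-unknown}-bit key is below $MIN_BITS bits"
        status=1
    fi
    if is_self_signed "$cert"; then
        echo "WARN: self-signed, clients cannot verify the device identity"
        status=1
    fi
    return "$status"
}

if [ $# -gt 0 ]; then audit_cert "$1"; fi
```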
Creating a Key Ring
Cisco UCS Manager supports a maximum of 8 key rings, including the default key ring.
Procedure
Step 1 In the Navigation pane, click the Admin tab.
Step 2 On the Admin tab, expand All > Key Management.
Step 3 Right-click Key Management and choose Create Key Ring.
Step 4 In the Create Key Ring dialog box, do the following:
a) In the Name field, enter a unique name for the key ring.
b) In the Modulus field, select one of the following radio buttons to specify the SSL key length in bits:
Mod512
Mod1024
Mod1536
Mod2048
Cisco UCS Manager GUI Configuration Guide, Release 2.0
116 OL-25712-04
Configuring HTTPS