The UCS Central appliance is on its way to being a proper centralized management platform for multiple UCS domains, but it’s not quite there yet. There are simple little things missing, such as custom SSL certificates. I had to get UCS Central using a proper SSL certificate the other day and couldn’t really find anything on how to do it. After figuring out how to do it, I decided to document it here!
I’m not getting into how you can generate an SSL private key; there are plenty of other tutorials covering those things. You’ve got two options: generate the private key on the appliance along with a certificate request, fulfill the certificate request and place the generated files on the appliance, or generate the key and certificate request somewhere else. Considering you need to take UCS Central offline to do this, the best way is to generate the key and certificate request on another source and have the private key, fulfilled certificate and CA certificate handy when you live boot the appliance.
UCS Central runs on a Linux distribution and uses Apache for the webserver, so it’s not hard to set it up with an SSL certificate. You’re going to need some basic Linux knowledge though. First, boot the UCS Central appliance with a Linux live CD. I used CentOS.
After the live CD has booted, open a terminal and mount /dev/mapper/VolGroup00-LogVol00 (the UCS Central root mountpoint) to /mnt.
The certificate files are then located here: /mnt/opt/cisco/cert/. Put your SSL private key, SSL certificate and CA certificate in there. Then edit the Apache SSL config file located here: /mnt/opt/cisco/core/apache/conf/extra/httpd-ssl.conf
Point the SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile options to your own files, then reboot the appliance to start UCS Central and you’ll have your properly signed SSL certificate.
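
The steps above as a script, with a check that the certificate actually matches the private key before Apache is pointed at it. This is an added example, not part of the original post and not Cisco's own tooling; the file names custom.key, custom.crt and custom-ca.crt and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example; run from the live CD after:  mount /dev/mapper/VolGroup00-LogVol00 /mnt
# Assumptions: custom.key / custom.crt / custom-ca.crt are hypothetical file names.
ROOT=${ROOT:-/mnt}
CERT_DIR="$ROOT/opt/cisco/cert"
SSL_CONF="$ROOT/opt/cisco/core/apache/conf/extra/httpd-ssl.conf"

# Succeed only if the certificate and the private key carry the same public key.
cert_matches_key() {   # cert_matches_key cert.pem key.pem
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Repoint one active (uncommented) directive; keep a one-time .orig backup.
# Fails instead of guessing when the directive is absent or commented out.
set_directive() {      # set_directive conf Directive /path
    local conf=$1 name=$2 value=$3 tmp
    grep -q "^[[:space:]]*$name[[:space:]]" "$conf" ||
        { echo "$name: no active line in $conf, edit by hand" >&2; return 1; }
    [ -f "$conf.orig" ] || cp -p "$conf" "$conf.orig"
    tmp=$(mktemp) || return 1
    sed "s|^\([[:space:]]*\)$name[[:space:]].*|\1$name $value|" "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"      # write in place: keeps owner, mode and labels
    local rc=$?; rm -f "$tmp"; return $rc
}

install_cert() {       # install_cert key.pem cert.pem ca.pem
    cert_matches_key "$2" "$1" ||
        { echo "certificate and private key do not match" >&2; return 1; }
    # Mode 600 assumes Apache reads the key as root at startup (the usual setup).
    install -m 600 "$1" "$CERT_DIR/custom.key" &&
    install -m 644 "$2" "$CERT_DIR/custom.crt" &&
    install -m 644 "$3" "$CERT_DIR/custom-ca.crt" || return 1
    # Paths in the config are as the booted appliance sees them: no /mnt prefix.
    set_directive "$SSL_CONF" SSLCertificateKeyFile /opt/cisco/cert/custom.key &&
    set_directive "$SSL_CONF" SSLCertificateFile    /opt/cisco/cert/custom.crt &&
    set_directive "$SSL_CONF" SSLCACertificateFile  /opt/cisco/cert/custom-ca.crt
}
# Usage: install_cert /path/to/server.key /path/to/server.crt /path/to/ca.crt
```

If the script refuses to edit a directive, the original config is untouched for that line; restore httpd-ssl.conf.orig if the appliance's web interface does not come back after the reboot.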