Cisco Systems OL-25712-04 Security Camera User Manual


 
to 2048 bits. In general, a longer key is more secure than a shorter key. Cisco UCS Manager provides a default
key ring with an initial 1024-bit key pair, and allows you to create additional key rings.
The default key ring certificate must be manually regenerated if the cluster name changes or the certificate
expires.
This operation is only available in the UCS Manager CLI.
Certificates
To prepare for secure communications, two devices first exchange their digital certificates. A certificate is a
file containing a device's public key along with signed information about the device's identity. To merely
support encrypted communications, a device can generate its own key pair and its own self-signed certificate.
When a remote user connects to a device that presents a self-signed certificate, the user has no easy method
to verify the identity of the device, and the user's browser will initially display an authentication warning. By
default, Cisco UCS Manager contains a built-in self-signed certificate containing the public key from the
default key ring.
Trusted Points
To provide stronger authentication for Cisco UCS Manager, you can obtain and install a third-party certificate
from a trusted source, or trusted point, that affirms the identity of your device. The third-party certificate is
signed by the issuing trusted point, which can be a root certificate authority (CA) or an intermediate CA or
trust anchor that is part of a trust chain that leads to a root CA. To obtain a new certificate, you must generate
a certificate request through Cisco UCS Manager and submit the request to a trusted point.
The certificate must be in Base64 encoded X.509 (CER) format.Important
Creating a Key Ring
Cisco UCS Manager supports a maximum of 8 key rings, including the default key ring.
Procedure
Step 1
In the Navigation pane, click the Admin tab.
Step 2
On the Admin tab, expand All > Key Management.
Step 3
Right-click Key Management and choose Create Key Ring.
Step 4
In the Create Key Ring dialog box, do the following:
a) In the Name field, enter a unique name for the key ring.
b) In the Modulus field, select one of the following radio buttons to specify the SSL key length in bits:
Mod512
Mod1024
Mod1536
Mod2048
Cisco UCS Manager GUI Configuration Guide, Release 2.0
116 OL-25712-04
Configuring HTTPS