Configuring secure communication with Cisco UCS
To configure secure communications between the BMC Server Automation UCS Manager server and the managed UCS systems, you must perform the following tasks:
Setting the SSL configuration option
When you set the SSL Configuration option to True, the system creates an SSLConfig file in the RSCD_DIR/UCS directory. The UCS configuration object uses the configuration settings in this SSLConfig file to connect to the UCS system.
To set the SSL Configuration option
- Open the Servers folder and navigate to the BMC Server Automation UCS Manager server.
- Right-click the server and select Browse.
- Choose the Live Browse tab.
- Right-click the BMC Server Automation UCS Manager node and select SSL Configuration.
- Set the SSL configuration value.
  - Set the value to True to perform communication over a secure channel.
  - Set the value to False to perform communication over a non-secure channel.
The default configuration is a non-SSL connection with the UCS system.
Storing a certificate
The system creates an empty certificate store (that is, an empty folder) when you set the SSL Configuration option for the first time. You must add a certificate to this certificate store for each managed UCS system. The certificate store is located in the RSCD_DIR/UCS/Certificate directory (on Windows) or the NSH_DIR/UCS/Certificate directory (on Linux). The UCS configuration object in BMC Server Automation UCS Manager accepts certificates in .crt format only.
To store a certificate
- Connect to the UCS system using an https:// request in a browser.
  You can find the IP address for the server by checking the UCS IP entry in the UCSConf file, which stores the UCS IP address or name and the port value (for example, 10.20.38.15:80). The file is located in the RSCD_DIR/UCS/ directory.
- Click I Understand the Risks.
- Click Add Exception.
- Click View in the Certificate Status section.
- Navigate to the Details tab and click Export. Make a note of the saved location.
- Copy the exported certificate into the RSCD_DIR/UCS/Certificate directory on the BMC Server Automation UCS Manager server.
- Rename the certificate to the name by which the UCS system is registered in the UCS Manager node in the Console. The name might be an IP address or a resolvable DNS name.
For example, if the UCS system is registered as 10.20.38.15 in BMC Server Automation UCS Manager, then name the exported certificate 10.20.38.15.crt. If the UCS system is registered as UCSsystem3 in BMC Server Automation UCS Manager, then name the exported certificate UCSsystem3.crt.
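The following Python script is an added example, not part of the BMC product or its documentation. It audits the certificate store against the names registered in the UCS Manager node, reporting missing and stray files and the SHA-256 fingerprint of each matched certificate so that it can be compared with the fingerprint shown in the browser's certificate viewer. The function names, the list of registered names and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import ssl
import tempfile
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def der_bytes(raw: bytes) -> bytes:
    """Return DER bytes for an exported certificate, whether PEM or DER."""
    text = raw.strip()
    if text.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    return raw


def audit_store(store: Path, registered: list[str]) -> dict:
    """Compare the files in the store with the expected <registered name>.crt."""
    expected = {f"{name}.crt": name for name in registered}
    present = {p.name: p for p in store.iterdir() if p.is_file()}
    report = {"ok": {}, "missing": [], "stray": []}
    for fname, name in expected.items():
        if fname not in present:
            report["missing"].append(name)  # no file named exactly <name>.crt
            continue
        der = der_bytes(present[fname].read_bytes())
        # Fingerprint to compare with the one shown for the UCS system itself.
        report["ok"][name] = hashlib.sha256(der).hexdigest()
    # Files no registered name maps to: misspellings, wrong extension, leftovers.
    report["stray"] = sorted(set(present) - set(expected))
    return report


def demo() -> dict:
    """Audit a constructed store; the file contents are stand-in bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp)
        (store / "10.20.38.15.crt").write_bytes(b"\x30\x03\x02\x01\x01")
        (store / "UCSsytem3.crt").write_bytes(b"\x30\x03\x02\x01\x02")  # misspelled
        return audit_store(store, ["10.20.38.15", "UCSsystem3"])


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

To audit a real store, call audit_store with the path to the Certificate directory and the names exactly as they appear in the UCS Manager node.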