While configuring certificates in UCSM 2.1(1f), I observed that the UCSM does not permit you to create a Certificate Signing Request (CSR) for certificates with more than one Subject Alternative Name (SAN).

However, you can create a certificate with 1 SAN as shown in the image below. The certificate’s SAN is requested using the DNS field (cybergav.com) and the CN is requested using the Subject field (cybergav.in).

 

UCS_CSR

If UCSM permitted users to create CSRs outside UCSM and just use the private key and certificate, then there would not have been any constraint on the certificates used. On the other hand, the current setup enhances security (private key generated and stored only in UCSM) and facilitates certificate configuration for cert newbies.

VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tagged with:

Filed under: Cisco UCS

Like this post? Subscribe to my RSS feed and get loads more!