Deploying customized server certificates to managed devices

You can deploy customized server certificates to managed devices by uploading and installing the externally-signed certificate bundle using the CMM and management controller for those devices.

Before you begin

Ensure that the latest firmware is installed on all managed devices (see Updating firmware on managed devices).

When generating a certificate signing request (CSR) for custom certificates, ensure that you select a common name that matches the IP address or hostname that is used to identify the device. Failure to select the correct value might result in connections that are not trusted.

Ensure that you obtain a certificate bundle that contains the entire signing chain, from the end-server certificate to the root (base) certificate of the trusted CA that can be used to verify the complete certificate chain of trust.

Do not change the Lenovo XClarity Administrator server certificate while a managed device is "Offline." You must repair the connection before modifying Lenovo XClarity Administrator, otherwise additional steps might be required to repair the connectivity issues (see Resolving an untrusted server certificate).

About this task

This section contains recommendations for ensuring continued successful communication between Lenovo XClarity Administrator and the managed devices. For detailed instructions about how to generate a CSR and import a signed certificate, see your device documentation.

If Lenovo XClarity Administrator is managing one or more chassis, rack servers, and tower servers, and the default Lenovo XClarity Administrator internally signed certificates are currently installed on Lenovo XClarity Administrator and the managed devices, you can deploy customized server certificate.

If the externally signed server certificate is installed on the device before the you attempt to manage the device by Lenovo XClarity Administrator, no additional steps are needed. To deploy a custom server certificate to devices that are managed under Lenovo XClarity Administrator management, you must perform one of the following steps to ensure continued connectivity between the management server and the managed devices.

Procedure

Complete one of the following options to deploy the customized externally signed server certificate to managed chassis or servers.