Installing a customized, externally signed server certificate

You can choose to use a server certificate that was signed by a private or commercial certificate authority (CA). To use an externally signed server certificate, generate a certificate signing request and then upload the resulting server certificate to replace the existing certificate in the Lenovo XClarity Administrator trust store that is used by the authentication, HTTPS, and CIM servers.

Before you begin

Ensure that all managed devices have the latest firmware installed before starting any task that might impact connections between the managed devices. To upgrade firmware on managed devices, see Updating firmware on managed devices.

Ensure that XClarity Administrator is successfully communicating with all managed devices by clicking Hardware and then clicking the device type (Chassis or Server). A page is displayed with a tabular view of all managed devices of that type. If any device has a status of "Offline," ensure that network connectivity is working between the management server and the device, and resolve untrusted server certificates if needed (see Resolving an untrusted server certificate).

About this task

When you install a customized externally signed server certificate in XClarity Administrator or a baseboard management-controller or CMM, you must provide the certificate bundle that contains the entire CA signing chain.

When you install a customized server certificate in a chassis or server that is not managed by XClarity Administrator, install the certificate bundle on the CMM before installing it on all management controllers in the CMM.

When you install a customized server certificate to a managed chassis, you first add the CA signing chain to the XClarity Administrator trust store, install the server certificate on every management controller and CMM, and then upload the server certificate to XClarity Administrator.

Tip: If the new server certificate has not been signed by a trusted third party, the next time that you connect to XClarity Administrator, your browser displays a security message and dialog prompting you to accept the new certificate into the browser. To avoid the security messages, you can import a downloaded server certificate into your web browser's list of trusted certificates. For more information about importing server certificates, see Importing the Certificate Authority certificate into a web browser.