https://community.hpe.com/t5/server-management-remote-server/proliant-ssl-gate/m-p/4663575#M5124 After waiting for about 3 years, HP finally came with iLO FW 2.00. Promising!, maybe they changed the way SSL certificates are handled in iLO.<BR />YESSSS!! The option FQDN appeared when requesting a SSL certificate.<BR />But unfortunately, apparently the testing department has been sleeping during working hours…<BR />Let me tell you the steps I’ve taken:<BR />Upgrade to iLO FW2.00<BR />Changed the ‘iLO 2 Subsystem Name’ to ‘ iLO-Server’<BR />Changed the ‘Domain Name’ to ‘.domain.com’ (pay attention to the DOT as first character)<BR />Restarted iLO. <BR />Request certificate, copied request, put into the advanced certificate site of our own CA. <BR />Issued the certificate (look promising, because the FQDN is really in the common name!)<BR />Donwloaded the certnew.cer and edited with notepad, copied text and pasted into step 3. <BR />OK! Certificate accepted! Please restart. <BR />BUT after restarting, the default iLO certificate has become active! ARRGGGHHH<BR /><BR />Did the same procedure but then with the option ‘Short Name’. This works as it has been working before! <BR />But what is the point of having a certificate with only the short name ‘iLO-SERVER’ instead of ‘iLO-SERVER.domain.com???? <BR />Another thing:<BR />When using our own CA, only 2003 CA works with self-signing SSL from iLO devices.<BR />We tried to issue iLO certificates to a new Windows 2008 R2 with CA installed, but iLO cannot handle the output generated with CA 2008R2. It says:<BR />X.509 Certificate Import Error<BR />The Certificate could not be imported from the supplied X.509 Certificate data.<BR /><BR />Check the following:<BR />- Make sure that the input text was base64 encoded X.509 Certificate data.<BR />- Make sure that the input X.509 Certificate data was intended for this server (not another server).<BR /><BR />Concluding this: HP iLO department still did not manage to create a good SSL code!<BR />Other whis-list:<BR />Option to insert already purchased wildcard SSL.<BR /><BR />I deeply hope someone of the iLO programming department is reading this, and hopefully they will put some effort in correctly programming a more then 3 year old pain in the ***.<BR /><BR />Thank u for your time. Tue, 20 Jul 2010 12:12:16 GMT Gerrit Heinen - T-ICT B 2010-07-20T12:12:16Z https://community.hpe.com/t5/server-management-remote-server/proliant-ssl-gate/m-p/4663575#M5124 After waiting for about 3 years, HP finally came with iLO FW 2.00. Promising!, maybe they changed the way SSL certificates are handled in iLO.<BR />YESSSS!! The option FQDN appeared when requesting a SSL certificate.<BR />But unfortunately, apparently the testing department has been sleeping during working hours…<BR />Let me tell you the steps I’ve taken:<BR />Upgrade to iLO FW2.00<BR />Changed the ‘iLO 2 Subsystem Name’ to ‘ iLO-Server’<BR />Changed the ‘Domain Name’ to ‘.domain.com’ (pay attention to the DOT as first character)<BR />Restarted iLO. <BR />Request certificate, copied request, put into the advanced certificate site of our own CA. <BR />Issued the certificate (look promising, because the FQDN is really in the common name!)<BR />Donwloaded the certnew.cer and edited with notepad, copied text and pasted into step 3. <BR />OK! Certificate accepted! Please restart. <BR />BUT after restarting, the default iLO certificate has become active! ARRGGGHHH<BR /><BR />Did the same procedure but then with the option ‘Short Name’. This works as it has been working before! <BR />But what is the point of having a certificate with only the short name ‘iLO-SERVER’ instead of ‘iLO-SERVER.domain.com???? <BR />Another thing:<BR />When using our own CA, only 2003 CA works with self-signing SSL from iLO devices.<BR />We tried to issue iLO certificates to a new Windows 2008 R2 with CA installed, but iLO cannot handle the output generated with CA 2008R2. It says:<BR />X.509 Certificate Import Error<BR />The Certificate could not be imported from the supplied X.509 Certificate data.<BR /><BR />Check the following:<BR />- Make sure that the input text was base64 encoded X.509 Certificate data.<BR />- Make sure that the input X.509 Certificate data was intended for this server (not another server).<BR /><BR />Concluding this: HP iLO department still did not manage to create a good SSL code!<BR />Other whis-list:<BR />Option to insert already purchased wildcard SSL.<BR /><BR />I deeply hope someone of the iLO programming department is reading this, and hopefully they will put some effort in correctly programming a more then 3 year old pain in the ***.<BR /><BR />Thank u for your time. Tue, 20 Jul 2010 12:12:16 GMT https://community.hpe.com/t5/server-management-remote-server/proliant-ssl-gate/m-p/4663575#M5124 Gerrit Heinen - T-ICT B 2010-07-20T12:12:16Z