https://community.hpe.com/t5/server-management-remote-server/ilo-directory-ca-certificate-issue-no-ad-login-possible/m-p/7022272#M8185 <P>Hi Lulu,</P><P>If you have performed a reset of the ILO from ILO itself then it is not a factory reset.&nbsp;&nbsp;Please use the Intelligent Provisioning&gt;Perform Maintenance&gt;ILO configuration&gt;Reset&gt;Factory Reset to perform the factory reset. But please make sure that you backup/copy all the license and necessary information.&nbsp;</P><P>If the issue persists then contact us by logging a case on the below portal:-</P><P><A href="https://support.hpe.com/hpesc/public/home" target="_blank">https://support.hpe.com/hpesc/public/home</A></P><P>&nbsp;</P><P>Regards,</P><P>Bunsol.</P><P>&nbsp;</P> Thu, 18 Oct 2018 09:19:35 GMT Bunsol 2018-10-18T09:19:35Z https://community.hpe.com/t5/server-management-remote-server/ilo-directory-ca-certificate-issue-no-ad-login-possible/m-p/7022196#M8184 <P>Hello All,</P><P>I (mistakenly) imported a domain controller AD certificate in the iLO of one of my servers (DL380p G8, iLO 4 2.61)</P><P>Security &gt; Directory &gt; scroll all the way down, Certificate Status &gt; Import</P><P>And now AD authentication doesn't work anymore..</P><P>There is very very little documentation about&nbsp;this "Directory Server CA Certificate" online.</P><P>The only information I have is from the iLO's help itself:</P><DIV>&nbsp;</DIV><BLOCKQUOTE><P>[...]<BR />9. Optional: Import a new CA certificate.</P><P style="padding-left: 30px;">a. Click<SPAN>&nbsp;</SPAN><SPAN class="bold"><STRONG>Import</STRONG></SPAN><SPAN>&nbsp;</SPAN>in the<SPAN>&nbsp;</SPAN><SPAN class="bold"><STRONG>Certificate Status</STRONG></SPAN><SPAN>&nbsp;</SPAN>text box.</P><P style="padding-left: 30px;">b. Paste the Base64-encoded X.509 certificate data into the<SPAN>&nbsp;</SPAN><SPAN class="guilabel"><STRONG>Import Certificate</STRONG></SPAN><SPAN>&nbsp;</SPAN>window, and then click<SPAN>&nbsp;</SPAN><SPAN class="bold"><STRONG>Import</STRONG></SPAN>.</P><P>10. Optional: Replace an existing CA certificate.</P><P style="padding-left: 30px;">a. Click<SPAN>&nbsp;</SPAN><SPAN class="bold"><STRONG>View</STRONG></SPAN><SPAN>&nbsp;</SPAN>in the<SPAN>&nbsp;</SPAN><SPAN class="bold"><STRONG>Certificate Status</STRONG></SPAN><SPAN>&nbsp;</SPAN>text box.</P><P style="padding-left: 30px;">b. Click<SPAN>&nbsp;</SPAN><SPAN class="guibutton"><STRONG>New</STRONG></SPAN><SPAN>&nbsp;</SPAN>in the<SPAN>&nbsp;</SPAN><SPAN class="guilabel"><STRONG>Certificate Details</STRONG></SPAN><SPAN>&nbsp;</SPAN>window.</P><P style="padding-left: 30px;">c. Paste the Base64-encoded X.509 certificate data into the<SPAN>&nbsp;</SPAN><SPAN class="guilabel"><STRONG>Import Certificate</STRONG></SPAN><SPAN>&nbsp;</SPAN>window, and then click<SPAN>&nbsp;</SPAN><SPAN class="bold"><STRONG>Import</STRONG></SPAN>.</P><P>11. To test the communication between the directory server and iLO, click<SPAN>&nbsp;</SPAN><SPAN class="guilabel"><STRONG>Test Settings</STRONG></SPAN>.</P><P>[...]</P><DIV><DIV><DIV><EM>Directory Server CA Certificate</EM></DIV></DIV></DIV><P><EM>During LDAP authentication, iLO validates the directory server certificate if the CA certificate is already imported. For successful certificate validation, make sure that you import the correct CA certificate. If certificate validation fails, iLO login is denied and an iLO event is logged. If no CA certificate is imported, the directory server certificate validation step is skipped.</EM></P><P><EM>To verify SSL communication between the directory server and iLO, click&nbsp;<SPAN class="bold"><STRONG>Test Settings</STRONG></SPAN>.</EM></P></BLOCKQUOTE><P>&nbsp;</P><P>I'm now trying to delete this imported certificate but I can't manage to find how to do that.<BR />Nowhere in the iLO you have the option to delete this certificate, you can only import another one.<BR />I've tried to reset the iLO to factory defaults but the certificate remains.<BR />The cli doesn't give me the option to delete the certificate neither.</P><P>It used to work without certificate, and as mentioned in the iLO's help:</P><P><EM>If no CA certificate is imported, the directory server certificate validation step is skipped.</EM></P><P>However now that there's a certificate&nbsp;the directory server certificate validation&nbsp;is always checking the imported certificate which obviously doesn't work and AD auth. fails.</P><P>I'd like to rollback to the previous config where there was no certificate, does anyone know how to do this?</P><P>&nbsp;</P> Wed, 17 Oct 2018 18:47:06 GMT https://community.hpe.com/t5/server-management-remote-server/ilo-directory-ca-certificate-issue-no-ad-login-possible/m-p/7022196#M8184 lulu62 2018-10-17T18:47:06Z https://community.hpe.com/t5/server-management-remote-server/ilo-directory-ca-certificate-issue-no-ad-login-possible/m-p/7022272#M8185 <P>Hi Lulu,</P><P>If you have performed a reset of the ILO from ILO itself then it is not a factory reset.&nbsp;&nbsp;Please use the Intelligent Provisioning&gt;Perform Maintenance&gt;ILO configuration&gt;Reset&gt;Factory Reset to perform the factory reset. But please make sure that you backup/copy all the license and necessary information.&nbsp;</P><P>If the issue persists then contact us by logging a case on the below portal:-</P><P><A href="https://support.hpe.com/hpesc/public/home" target="_blank">https://support.hpe.com/hpesc/public/home</A></P><P>&nbsp;</P><P>Regards,</P><P>Bunsol.</P><P>&nbsp;</P> Thu, 18 Oct 2018 09:19:35 GMT https://community.hpe.com/t5/server-management-remote-server/ilo-directory-ca-certificate-issue-no-ad-login-possible/m-p/7022272#M8185 Bunsol 2018-10-18T09:19:35Z