BladeSystem - General
cancel
Showing results for 
Search instead for 
Did you mean: 

OA Certificate Request

 
Thomas Condon
Occasional Visitor

OA Certificate Request

I am attempting to generate a certificate-signing request so that I can create a signed certificate using a Windows Server 2003 Enterprise CA (basically to kill the "invalid certificate" prompt that comes up every time you launch the OA or iLO consoles). I'm not having much luck and was wondering if anyone had done this yet and could assist me in the proper steps.
3 REPLIES
Michael Oberholtzer
Occasional Advisor

Re: OA Certificate Request

Thomas,

Did you find a solution? I have the same problem. I've uploaded certs for AD authentication and SIM integration and generated a CSR for SSL access. But there doesn't seem to be any place to upload the CA cert.

Mike
Thomas Condon
Occasional Visitor

Re: OA Certificate Request

Nope, no one has responded to this at all. I guess it's a brilliant "feature" of IE that we just won't be able to get rid of.
James ~ Happy Dude
Honored Contributor

Re: OA Certificate Request

Once signed and returned from the certificate authority, the certificate can be uploaded under the "Certificate Upload" tab.
If a static IP address is configured for Onboard Administrator when this certificate request is generated, the certificate request will be issued to the static IP address. Otherwise, it is issued to the dynamic DNS
name of the Onboard Administrator. The certificate, by default, requests a valid duration of 10 years (this value is currently not configurable).
When submitting the request to the certificate authority, be sure to:
1. Use the Onboard Administrator URL for the server.
2.Request the certificate be generated in the RAW format.
3.Include the Begin and End certificate lines. Certificate Upload tab
There are two methods for uploading certificates for use in HP BladeSystem Onboard Administrator:
4â ¢Paste certificate contents into the text field and click Upload.
5â ¢ Paste the URL of the certificate into the URL field and click Apply.
The certificate to be uploaded must be from a certificate request sent out and signed by a certificate authority for this particular Onboard Administrator. Otherwise, the certificate fails to match the private
keys used to generate the certificate request, and the certificate is rejected. Also, if the Onboard Administrator domain has been destroyed or reimported, then you must repeat the steps for generating a certificate request. It will be re-signed by a certificate authority because the private keys are destroyed and recreated along with the Onboard Administrator domain.
If the new certificate is successfully accepted and installed by the Onboard Administrator, then you are automatically signed out. The HTTP server must be restarted for the new certificate to take effect.