BladeSystem - General
cancel
Showing results for 
Search instead for 
Did you mean: 

Onboard Administrator Certificate Issue

jfh777
Advisor

Onboard Administrator Certificate Issue

Hello, We have an Enterprise CA on our network. I am working in the Onboard Admin interface for our c7000 enclosure trying to generate a certificate request so I can install an SSL cert from our internal CA.

I follow all the steps by generating the request, pasting the request to the CA, then pasting the contents of the generated cert back to the "Certificate Upload" tab in OA. After that I get this error - "The certificate could not be verified". On the information tab now I have "Error reading the certificate". In addition, the System Log shows "Wrong file permissions detected. Please reset to factory defaults", and "server.crt has wrong file permissions".

Will someone help to clarify this for me? Why am I getting these errors, and how do I fix it?

Regards,
Justin
18 REPLIES
Raghuarch
Honored Contributor

Re: Onboard Administrator Certificate Issue

Hi Justin,

Did you select the Web server (Certificate Template) when you generate a certificate from the CA.

Regards,
Raghuarch
jfh777
Advisor

Re: Onboard Administrator Certificate Issue

Yes, I chose the Web Server certificate. It was worked 50+ times for all of my iLO ports recently. The OA is not cooperating though.
Raghuarch
Honored Contributor

Re: Onboard Administrator Certificate Issue

Justin,

What OA version r u using?

Please find the latest 2.10 in below link. update if you are running a lower version.
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&swItem=MTX-24b81875234f43f998d3b8afcb&jumpid=reg_R1002_USEN

Regards,
Raghuarch
jfh777
Advisor

Re: Onboard Administrator Certificate Issue

Thanks for the link, and for your responses so far. I was running 2.01 and just upgraded it to 2.10. No change in behavior.

Suppose the URL for OA is http://OaName. On the certificate request tab, I would type OaName in the Common Name field, correct?

ARGH!
Raghuarch
Honored Contributor

Re: Onboard Administrator Certificate Issue

Yes. you are right about the Common Name.



Raghuarch
Honored Contributor

Re: Onboard Administrator Certificate Issue

Justin,

I think you may need to do a factory reset.
Make sure you save all the configuration file before you do a factory reset.
It will be under Configuration Scripts.

Regards,
Raghuarch

jfh777
Advisor

Re: Onboard Administrator Certificate Issue

Well, that's what the log says to do, I was just hoping it wasn't true. I'll investigate that option and report back.
Justin
Cederberg
Honored Contributor

Re: Onboard Administrator Certificate Issue

Hey i just did that myself today and found a "feature" you can't upload a working cert to the active Onboard Administrator card. Upload the certificate to the standby OA-card and then switch over and repeate the previous steps..

Try Copy/paste the certificate into the text field and then press upload..

And also the cert must be in X.500/base64
tstock
Occasional Visitor

Re: Onboard Administrator Certificate Issue

What happens if there is no Standby. How do you upload then?
jfh777
Advisor

Re: Onboard Administrator Certificate Issue

Mattias, I tried uploading to the Standby OA, and I got the same result - "the certificate could not be verified".

Strange. Not an emergency by any means. I plan to call HP soon for support.

Thanks for posting.
Justin
tstock
Occasional Visitor

Re: Onboard Administrator Certificate Issue

Justin,

Good luck with HP support. I have a ticket open and I'm not getting anywhere. They are now saying it's the Cert that we are using.
I just don't know what could be wrong with the Cert.
If you get anywhere with them, please update this forum. I'll do the same.

Tom
Alex Stuart
Occasional Visitor

Re: Onboard Administrator Certificate Issue

I had the same problem, but the method of doing the standby OA's certificate first, doing an active-to-standby, & then doing the [now standby] OA worked for me.
jfh777
Advisor

Re: Onboard Administrator Certificate Issue

OK, so this is what I have done...

- I uploaded a new cert to my standby OA.
- I did an Active-to-Standby failover.
- Connecting to the now-active port works fine, the certificate is there and works.
- Uploaded new cert to the now-standby OA.
- Failover again, Active-to-Standby. Back to my original setup.
- The ACTIVE cert works fine, but now my Standby OA cert is gone. On the Certificate Administration Information tab, it's back to the original HP-installed certificate. Connecting to the standby address proves that my uploaded cert is now gone.

Have any of you other guys failed back over to see the results? I would be interested to know what happens.

Regards,
Justin
jfh777
Advisor

Re: Onboard Administrator Certificate Issue

I did call HP support today, by the way. They said they did not really support certificate issues. However, they did sent me a link on how to upload a certificate. So you were right - not very helpful.
Justin
Alex Stuart
Occasional Visitor

Re: Onboard Administrator Certificate Issue

Justin - both OAs kept their certs when failed over (and back again).
Teej123
Occasional Visitor

Re: Onboard Administrator Certificate Issue

I was having this same problem and figured out that if I logged in as the Administrator user instead of my own acccount I could upload a certificate.
jfh777
Advisor

Re: Onboard Administrator Certificate Issue

That's the answer. You have to be logged in as Administrator for it to work properly. I tried that and it worked like a charm, first time.

Thank you to everyone for your contributions. I will close this issue and reward points accordingly!

Regards,
Justin
jfh777
Advisor

Re: Onboard Administrator Certificate Issue

You have to be logged in as the default Administrator account to upload SSL certificates to the Onboard Administrator.