BladeSystem - General
1748054 Members
4601 Online
108758 Solutions
New Discussion

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

 
SOLVED
Go to solution
Steve_Tippett
Frequent Advisor

Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

I have 200 c7000 enclosures and need to get valid SSL certificates installed on them via Powershell.  Generating the .csr file is working fine via Powershell.

But when I try to use the Add-HPOACertificate command (from the HPOAcmdlets module) to install the .cer file, I get an error.  My .cer file is legit - I can browse to the OA GUI and paste the file contents in - the OA resets and then I can see my new certificate.   But when I try scripting the install using the Add-HPOACertificate command, it quickly returns the error "The CA certificate is invalid." 

Here are the 2 key lines in the Powershell script:

$Target_Cert = Get-Content $Certificate_File -Raw

$Result = Add-HPOACertificate -Connection $Target_OA -Type CA -Certificate $Target_Cert

When I display the contents of $Target_Cert it looks good, and piping it thru Get-Member confirms the data type is String.

 

10 REPLIES 10
GZahidi
Advisor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hi Steve,

 

Which OA firmware version are you using ?


I am a HPE Employee
Steve_Tippett
Frequent Advisor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Firmware 4.80 is installed across our fleet.
Thank you.


Sent with BlackBerry Work

GZahidi
Advisor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hi,

You can not add SSL certificate through Cmdlet. You need to do it through Web login.

Though you can get the SSL certificate info by using Cmdlet Get-HPEOAcertificate -Type OA .

In your case you are adding SSL certificate and trying to Add certifcate as CA certificate, becuase of this  you are getting error as invalid certificate.


I am a HPE Employee
GZahidi
Advisor
Solution

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Use the following cmdlet to import SSL certificate to OA

Start-HPOACertificateDownload -Connection $connection -Type OA -URL ftp://10.12.23.17/cer_southking/ldap_southking.cer -Bay <<Bay number of OA where you want to import certificate>>

 You need to store the certificate at ftp server and specify the full path of the certificate as URL in the cmldet.

Note :- If you do not specify the Onboard Administrator bay number, the certificate is downloaded to the current (Active) Onboard Administrator.


I am a HPE Employee
Steve_Tippett
Frequent Advisor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

It's working now - thanks for the valuable advice!

Sam2018
Visitor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

We cannot use FTP server in our company, please is there an alternative?

Steve_Tippett
Frequent Advisor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hello Sam,

I successfully used a TFTP server that I downloaded and installed to my workstation.  Get it at http://tftpd32.jounin.net.

Here's the pertinent Powershell code:

        $URL = "tftp://" + $WorkstationIP_Address + "/" + $Bay1_Certificate_File
        Write-Host " Beginning certificate download to" $Target_FQDN -ForegroundColor Cyan
        $Result = Start-HPOACertificateDownload -Connection $Target_OA -Type OA -Bay 1 -URL $URL
        IF ($Result.StatusType -eq "Error")
            {
            Write-Host $Result.StatusMessage " Press Enter to continue" -ForegroundColor Red
            [console]::Beep(999,2000)
            Read-Host
            }
        ELSE
            {
            Write-Host $Result.StatusMessage " Process will now sleep for 3 minutes." -ForegroundColor Cyan
            Sleep -Seconds 180
            }

Sam2018
Visitor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hello Steve,

Thanks a lot for providing the TFTP alternative. Unfortunately, I cannot use this either. Please is there an option to use a share (\\server\file) or a local file (c:\file)?

Steve_Tippett
Frequent Advisor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Well, you could read the documentation to see if there are options that suit your situation. And, you didn't explain why you cannot install a TFTP client on your own workstation.