
Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator


I have 200 c7000 enclosures and need to get valid SSL certificates installed on them via Powershell.  Generating the .csr file is working fine via Powershell.

But when I try to use the Add-HPOACertificate command (from the HPOAcmdlets module) to install the .cer file, I get an error.  My .cer file is legit - I can browse to the OA GUI and paste the file contents in - the OA resets and then I can see my new certificate.   But when I try scripting the install using the Add-HPOACertificate command, it quickly returns the error "The CA certificate is invalid." 

Here are the 2 key lines in the Powershell script:

$Target_Cert = Get-Content $Certificate_File -Raw

$Result = Add-HPOACertificate -Connection $Target_OA -Type CA -Certificate $Target_Cert

When I display the contents of $Target_Cert it looks good, and piping it thru Get-Member confirms the data type is String.

 

10 REPLIES
GZahidi
Advisor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hi Steve,

 

Which OA firmware version are you using?

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Firmware 4.80 is installed across our fleet.
Thank you.



GZahidi
Advisor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hi,

You cannot add an SSL certificate through the cmdlet. You need to do it through the Web login.

Though you can get the SSL certificate info by using the cmdlet Get-HPEOAcertificate -Type OA.

In your case you are adding an SSL certificate and trying to add the certificate as a CA certificate; because of this, you are getting the invalid certificate error.

GZahidi
Advisor
Solution

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Use the following cmdlet to import SSL certificate to OA

Start-HPOACertificateDownload -Connection $connection -Type OA -URL ftp://10.12.23.17/cer_southking/ldap_southking.cer -Bay <<Bay number of OA where you want to import certificate>>

You need to store the certificate on an FTP server and specify the full path of the certificate as the URL in the cmdlet.

Note: If you do not specify the Onboard Administrator bay number, the certificate is downloaded to the current (Active) Onboard Administrator.

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

It's working now - thanks for the valuable advice!

Sam2018
Visitor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

We cannot use FTP server in our company, please is there an alternative?

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hello Sam,

I successfully used a TFTP server that I downloaded and installed to my workstation.  Get it at http://tftpd32.jounin.net.

Here's the pertinent Powershell code:

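        # URL the OA pulls the certificate from (TFTP server running on this workstation)
        $URL = "tftp://" + $WorkstationIP_Address + "/" + $Bay1_Certificate_File
        Write-Host " Beginning certificate download to" $Target_FQDN -ForegroundColor Cyan
        # -Type OA installs the OA's own SSL certificate; -Bay 1 targets the OA in bay 1
        $Result = Start-HPOACertificateDownload -Connection $Target_OA -Type OA -Bay 1 -URL $URL
        IF ($Result.StatusType -eq "Error")
            {
            # Show the error, beep, and wait for the operator before moving on
            Write-Host $Result.StatusMessage " Press Enter to continue" -ForegroundColor Red
            [console]::Beep(999,2000)
            Read-Host
            }
        ELSE
            {
            # Pause before continuing (the OA resets after a certificate install)
            Write-Host $Result.StatusMessage " Process will now sleep for 3 minutes." -ForegroundColor Cyan
            Start-Sleep -Seconds 180
            }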
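
Added example, not part of the posts above or of the HPOACmdlets module: FTP and TFTP neither authenticate the server nor protect the file in transit, so once the OA has reset it is worth confirming that it serves exactly the certificate that was issued. The check also reads Basic Constraints so that a CA certificate is not mistaken for the OA's own SSL certificate (the distinction behind -Type CA and -Type OA). The function names, file path and host name are hypothetical, and TLS 1.2 on port 443 is assumed.

```powershell
# Added example (not from the thread). File path and host name are placeholders.
function Get-CertificateRole {
    # 'CA' if Basic Constraints marks the certificate as a CA, otherwise 'EndEntity'.
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $bc = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    if ($bc -and $bc.CertificateAuthority) { 'CA' } else { 'EndEntity' }
}

function Get-PresentedCertificate {
    # Returns the certificate the host presents during the TLS handshake.
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # The chain is deliberately not validated here: the caller decides trust
        # by comparing the presented certificate with the one that was issued.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        # Assumption: the OA accepts TLS 1.2.
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }
}

function Test-OACertificateInstalled {
    # $true only if the OA now serves exactly the certificate stored in $CertificateFile.
    param([Parameter(Mandatory)][string]$CertificateFile,
          [Parameter(Mandatory)][string]$HostName)
    $path   = (Resolve-Path $CertificateFile).Path   # .NET needs a full path
    $issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($path)
    if ((Get-CertificateRole $issued) -eq 'CA') {
        throw "$path is a CA certificate, not a server certificate for the OA."
    }
    $presented = Get-PresentedCertificate -HostName $HostName
    # Compare the full DER encoding, not just subject or serial number.
    [BitConverter]::ToString($issued.RawData) -eq [BitConverter]::ToString($presented.RawData)
}

# Usage, after the OA has reset (placeholder values):
#   Test-OACertificateInstalled -CertificateFile .\oa-bay1.cer -HostName oa1.example.net
```

A result of `$false` means the OA is still serving its previous certificate or a different one, and the download should be treated as failed for that enclosure.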

Sam2018
Visitor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hello Steve,

Thanks a lot for providing the TFTP alternative. Unfortunately, I cannot use this either. Please is there an option to use a share (\\server\file) or a local file (c:\file)?

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Well, you could read the documentation to see if there are options that suit your situation. And, you didn't explain why you cannot install a TFTP client on your own workstation.

Sam2018
Visitor

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Thank you for your help. We have a very strict security policy so I cannot use FTP or TFTP, not even on my workstation. I have checked the documentation before posting here but it only mentioned the "-url" option using a protocol (example: FTP). I just wanted to check if there is a way for this to work which would save me replacing the certificate manually on all c7000s.