HPE Community
Servers - General
1751851 Members
5438 Online
108782 Solutions
New Discussion юеВ

Re: HP IP KVM - Certificate

 
JCarvalho
Occasional Visitor

тАО08-10-2016 01:11 AM

тАО08-10-2016 01:11 AM

HP IP KVM - Certificate

Hi,

I have and old AF601A - HP 2x1x16 IP Console Switch with Virtual Media. I just upgraded it to the last 2013 firmware, because I boughth USB adaptars that require this firmware.

The problem is that this release uses a new web interface, and the ssl certificate is expired. I've tried to install a new self-signed, 3rd party signed, etc certificate, but without success.

If I just update the internal certificate, I have problems because the HP certificate is not issued by a recognized authority. Since now the console coneections are java based, nothing works until I get a working certificate.

Can someone help with this?

 

Thanks

JP

1 person had this problem.
0 Kudos
Reply
3 REPLIES 3
BH-MNGI
Visitor

тАО10-13-2016 12:40 PM - edited тАО10-13-2016 12:41 PM

тАО10-13-2016 12:40 PM - edited тАО10-13-2016 12:41 PM

Re: HP IP KVM - Certificate

Hey JP,

I didn't have any luck adding a self-signed certificate and just applied a new cert using the Tools -> Install Web Server Certificate option using the fields.  The cert is still invalid due to the root CA missing, but when I followed the steps in the URL below I was able to access the KVM. 

https://xiaoxiaoke.wordpress.com/2015/10/06/changing-java-security-restriction-for-network-connect-error-issue-in-kvm/

Once I updated the Java client, added the exception for the KVM and made the change to the security file I was able to launch the links and see the console screens using IE 11 on a Windows 7 computer. 

0 Kudos
Reply
JCarvalho
Occasional Visitor

тАО10-14-2016 04:15 AM - edited тАО10-14-2016 04:16 AM

тАО10-14-2016 04:15 AM - edited тАО10-14-2016 04:16 AM

Re: HP IP KVM - Certificate

Hi,

After much time trying diferent things I was able to add a self-signed certificate. Here are the steps (done against our Windows CA Authority)

1 - Generate Request and PrivateKey

openssl req -newkey rsa:2048 -keyout serverprvkey.pem -nodes -sha1 -days 1095 -out server.req

2 - Generate certificate against CA

certreq -attrib "CertificateTemplate:WebServer"

3 - convert BEGIN PRIVATE KEY to BEGIN RSA PRIVATE KEY)

openssl rsa -in server2prvkey.pem -out server2_newkey.pem

4 - copy paste rsa key to cert

5 - upload to kvm

The problem is that it works ok when you access the KVM throw the browser. The certificate is valid and all is ok. But since the new firware uses JAVA to remote connect, when you try to connect the JAVA window shows the old certificate.

I don't understant why. Using http/http the browser is serverd with the new certificate. When JAVA connects it shows the old certificate that is not valid.

Regards

JP

Reply
MattGo404
Occasional Visitor

тАО04-27-2020 01:30 AM - last edited on тАО04-28-2020 04:17 AM by

тАО04-27-2020 01:30 AM - last edited on тАО04-28-2020 04:17 AM by

Re: HP IP KVM - Certificate

Hello @JCarvalho , can you please help me?--I tried created a self-signed certificate for upload to my AF602A.  I used the following command but it says the  openssl certificate I generated is invalid.  Going through the web interface (Tools...Install Web Server Certificate) I upload the server.crt file and get a "Certificate is not valid" error.

openssl req -newkey rsa:2048 -x509 -keyout serverprvkey.pem -nodes -sha1 -days 3650 -out server.crt

For the CN, I used the SNMP name of KVM "CRCS-HP-KVM" (I also tried IP address, but no better).

I don't have a WIndows CA, so I just wanted to try self-signed if it works--or do I need a CA somehow?  Thanks.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.