- Community Home
- >
- Servers and Operating Systems
- >
- HPE BladeSystem
- >
- BladeSystem - General
- >
- Re: How to go back to self-signed certificate on V...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2012 11:30 AM
05-07-2012 11:30 AM
How to go back to self-signed certificate on Virtual Connect?
Holger had an interesting customer question:
***************
A customer has uploaded their own SSL certificate to the Virtual Connect.
This certificate has expired and he would like to go back to the initial self-signed certificate (which he did not back up earlier).
Does someone know how this can be done?
Any documentation I can find does not explain anything about recreating the initial self-signed certificate.
**************
Input from Chris:
*****************
VC Manager doesn't support recreating SSL Signed Certs within the WebUI or CLI. However, you can create a new SSL Cert Request, and use it instead. I should note that I haven't tried it myself, but it should work. You can refer to this site for more info on creating an Apache Self-Signed Certificate: http://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html
**************
Any other help or suggestions?
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-02-2012 08:51 AM
07-02-2012 08:51 AM
Re: How to go back to self-signed certificate on Virtual Connect?
Here's the solution (many thanks to Reiner Rottmann!)
One does need a freshly setup Certificat Authority (CA) and a freshly created selfsigned 4096 Bit Certificate.
1)
$ openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
.........................................................................................++
............................................................................++
e is 65537 (0x10001)
2)
$ openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
3a)
$ ls
ca.crt ca.key
3b)
$ cat ca.crt
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
4)
$ cat > vc.csr <<CSR
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
CSR
5)
$ openssl x509 -req -days 3650 -in vc.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out vc.crt
Signature ok
subject=/O=Hewlett-Packard/OU=Virtual Connect Manager/CN=<IP-Adress>
Getting CA Private Key
$ cat vc.crt
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
6)
$ scp vc.crt root@host:/var/ftp/pub
$ ssh Administrator@vc
Password:
Last login: Fri May 18 14:26:38 2012 from IP-Adress
-------------------------------------------------------------------------------
HP Virtual Connect Management CLI v3.18
Build: 3.18-3 (r46087) Apr 1 2011 17:45:49
(C) Copyright 2006-2011 Hewlett-Packard Development Company, L.P.
All Rights Reserved
-------------------------------------------------------------------------------
6a)
->load ssl-certificate Address=ftp://anonymous:no@<IP-adress> Filename=/pub/vc.crt
SUCCESS: SSL certificate transferred and applied
6b)
->show ssl-certificate
=============================================================
Serial Number Issuer Subject
=============================================================
01 :customer IP-Adress:Virtual
Connect
Manager:Hewlett-Packard
-------------------------------------------------------------
- Tags:
- OpenSSL