HTTPS Certificate - HPE IMC (Intelligent Management Center)

 
jrandriam
Occasional Contributor

Hi

We have an IMC server and we want to add an HTTPS certificate.
I have two questions:
1) What should be the format of the certificate to install on the IMC interface? We were going to use .pfx, but it doesn't work. We saw on the internet that there is also a .jks format.
2) Does IMC run on Java?

Best regards

jguse
HPE Pro

Re: HTTPS Certificate - HPE IMC (Intelligent Management Center)

Hello,

iMC's back-end is Java-based, and runs on OpenJDK from 7.3 E0703 version onwards.

For the certificate installation, you should be able to get .pfx working as well. I've done it before in our lab.

Please check my replies in the following post for an extensive explanation of how to set up the HTTPS Certificate: https://community.hpe.com/t5/IMC/How-to-create-a-CSR-for-SSL/td-p/7105400#.YOwc8OgzZaQ

Hope that helps! Let me know if you still have issues.

Best regards,
Justin

Working @ HPE
AnassL
Visitor

Re: HTTPS Certificate - HPE IMC (Intelligent Management Center)


Hello,
After getting the pfx file, I have a problem embedding the file on the IMC console in graphics mode: System Configuration > HTTPS Access Settings.

I have the error message:

"Failed to modify HTTPS access configurations, files are in use."

Any idea?

Thanks.

jguse
HPE Pro

Re: HTTPS Certificate - HPE IMC (Intelligent Management Center)

Hello,

Sorry, I did not see your response here; I was off for the past two weeks.

The Web GUI HTTPS cert upload can be unreliable sometimes. It depends on the version of iMC; this could be a bug in a recent version that was fixed in the latest patch. However, if the Web GUI upload isn't working for you, I'd strongly suggest trying to do the PFX Keystore import manually.

I've described the steps in the other post that I linked, but here is the relevant excerpt:

NOTE: If you did not use the default IMC keystore/keypass password above, you will need to adjust IMC's relevant configuration files before it can open the keystore to use the certificate:

iMC\client\conf\server.xml (defines the HTTPS Connector for iMC)
iMC\client\bin\startup.bat (startup script for iMC – see .sh equivalent on Linux)

The keystore name and password appear as follows in server.xml:

keystoreFile="security/newks" keystorePass="iMCV500R001"

They are stored a bit differently in the startup.bat(.sh) file:

-Djavax.net.ssl.keyStore="%IMC_HOME%\security\newks" -Djavax.net.ssl.keyStorePassword=iMCV500R001

You can adjust the path and password as needed for your keystore and password, save the files, and then restart IMC for the change to take effect. Mind the quotations in server.xml and lack thereof in the startup file. In case of certain special characters like < > in the password, IMC may replace these when starting up with escape characters by design.

Simply put, you could do the following with your .pfx file:

1. Place the PFX file manually into the iMC\client\security folder
2. Edit the two configuration files that I mention in the excerpt above and make sure you change 'newks' to the name (with extension) of your .pfx file instead. Make sure you also adjust the password to the correct one.
3. Restart iMC and see if the web interface works with your cert on HTTPS

If you have issues, please make sure the full cert chain is included in the .pfx file, and that you use the exact same password for the keystore and the private key. iMC expects this and it will not work if the passwords do not match.

Hope that helps.

Best regards,
Justin

Working @ HPE
Accept or Kudo
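
The reply above asks for the keystore name and password to be changed in two files that write them differently (quoted attributes in server.xml, a bare password in the startup script). As an added example, not code from the post or from HPE, this Python check compares the two before a restart. The function names and sample strings are constructed for illustration, and it assumes the startup script holds the password in literal form.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments quoted in the post.
SERVER_XML = '''<Server><Service>
  <Connector keystoreFile="security/newks" keystorePass="iMCV500R001"/>
</Service></Server>'''
STARTUP = (r'-Djavax.net.ssl.keyStore="%IMC_HOME%\security\newks" '
           r'-Djavax.net.ssl.keyStorePassword=iMCV500R001')

def jvm_option(text, name):
    """Value of -D<name>=..., quoted or bare; None if the option is absent."""
    m = re.search(r'-D' + re.escape(name) + r'=(?:"([^"]*)"|(\S+))', text)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)

def basename(path):
    """Last path component, accepting both / and \\ separators."""
    return re.split(r'[\\/]', path)[-1]

def check_keystore_settings(server_xml, startup_text):
    """Return a list of problems; an empty list means both files agree.
    Passwords are compared but never echoed in the messages."""
    conn = next((c for c in ET.fromstring(server_xml).iter("Connector")
                 if c.get("keystoreFile")), None)
    if conn is None:
        return ["server.xml: no Connector with a keystoreFile attribute"]
    jvm_file = jvm_option(startup_text, "javax.net.ssl.keyStore")
    jvm_pass = jvm_option(startup_text, "javax.net.ssl.keyStorePassword")
    if jvm_file is None or jvm_pass is None:
        return ["startup script: keyStore or keyStorePassword option missing"]
    problems = []
    if basename(conn.get("keystoreFile")) != basename(jvm_file):
        problems.append("keystore file name differs between the two files")
    # ElementTree decodes XML entities (&lt; &gt; &amp;), so the attribute is
    # compared in its literal form against the startup script value.
    if conn.get("keystorePass") != jvm_pass:
        problems.append("keystore password differs between the two files")
    return problems

if __name__ == "__main__":
    for line in check_keystore_settings(SERVER_XML, STARTUP) or ["settings agree"]:
        print(line)
```

To check a real installation, pass in the contents of the two files named in the post instead of the sample strings.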