
ILO Powershell cmdlets - Import-HPiLOCertificate not successful

NWMrTim
Occasional Visitor

Good afternoon,

I installed the ILO powershell cmdlets, and am very excited that I can start automating management of numerous ILOs using powershell.

The first thing I did was generate a bunch of Certificates, but hit a snag when I went to import them with the "Import-HPiLOCertificate" cmdlet.  I kept getting an error saying "invalid common name" when attempting to import certificates.

Checklist:

the ILO FQDNs are entered into DNS with the correct IP address. format is HOSTNAME-ilo.domain.local

these are DL360 Gen 9, and there are 4 places you must designate "the network name" of the ILO, and I double and triple checked that all are entered correctly and the same (even upper and lower case for that matter)

the "Get-HPiLOCertificateSigningRequest" powershell cmdlet worked flawlessly to create the certificate request files (.CSR or .REQ) other than I have to write in a delay to check if status has completed generating the cert - it takes a minute or two even if you click the button in the GUI.

I have a script that signs the certificates in the CA against what is in DNS.  signing works for other services (like SCOM and SCCM) and I can manually sign them as well.

Manually importing by logging into the ILO and copy / paste in the certificate dialog box works without a problem.

has anyone else encountered this?

Thanks!

Tim

Code: (simplified for this post, but will work as is)

$creds= Get-Credential Administrator

$servers = (Get-Content ILOlist.txt)   #local txt file with short names like  HOSTNAME-ilo
foreach ($server in $servers)
{
  $ILOCSR = Get-HPiLOCertificateSigningRequest -Server $server -credential $creds

  $ILOCSR.CERTIFICATE_SIGNING_REQUEST  | Out-File C:\temp\Certs\ILO\$server.req -width 64 -Encoding ascii

 }

3 REPLIES
GokulKS
Valued Contributor

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

Hi,

Can you send me the Import-HPiLOCertificate cmdlet you executed with parameters and its output with PowerShell environment details.

HPE PowerShell Team

Gokul

Don't forget to give Kudos if the problem got resolved or like suggestion.
NWMrTim
Occasional Visitor

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

OK so the first script was requesting the cert .REQ files, which then get signed (and I need to add a timing loop to that one)

after they get signed I put them in a folder, and this script reads the server's certificate file name, and imports based on what is present in the folder "C:\temp\certs\ILO"

$creds = Get-Credential Administrator  # prompts for password

$servers = (Get-Childitem  C:\temp\Certs\ILO\*.cer).basename
foreach ($server in $servers)
{
     Import-HPiLOCertificate -server $server -Credential $creds -Certificate (Get-Content C:\temp\Certs\ILO\$server.cer) -force
     write-host "Success for $server..."  # more of a place holder to indicate progress...

}

 

This would all work perfectly except it says:  "Error - bad common name"

in DNS the server is added as  "hostname" (like hostname.domain.local), and the name of the ILO is added like: "hostname-ilo" (so fqdn would be hostname-ilo.domain.local)

In the ILO I have noticed there are 4 places to put the "Name" of the ILO, and one is labeled "Server", so I don't know what name format needs to go where to get the certificate to match up.  I would love to be able to cycle through and rename all 4 of those fields, but I need to use "Set-HPILOServerName" and "Set-HPILONetworkSetting -Server $server -DNSName ($server + "-ilo")", and I don't think that covers renaming the ILO.  Suggestions??

So how can I name the ILOs properly so that when I generate Certificates, I can import them without a "bad common name" error?

 

Thanks

GokulKS
Valued Contributor

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

Hi,

I think I got your problem. It's not an issue with the server name or iLO hostname that is causing the certificate import to fail.

The problem is with Get-Content not using -Raw. Once you add that to your script and read the content from the .cer file, you don't hit the "Invalid certificate common name" issue.

$cert = get-content -Path C:\Users\user1\Desktop\certnew_for_165.cer -Raw

Import-HPiLOCertificate -server $server -Credential $cred -Certificate $cert -DisableCertificateAuthentication -Verbose

Let me know if this helps.

Thanks,

Gokul

HPE PowerShell Team

 

Don't forget to give Kudos if the problem got resolved or like suggestion.
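
Added example, not part of the original thread and not HPE's code: it shows what Get-Content returns with and without -Raw for a PEM file, and checks the certificate's common name against the expected iLO FQDN before any import is attempted. The self-signed certificate, the temp file name and the Test-PemCommonName helper are constructed for illustration; it assumes PowerShell 7 (or Windows PowerShell on .NET Framework 4.7.2 or later) for the CertificateRequest class.

```powershell
# Constructed sample: a throwaway self-signed certificate stands in for the CA-signed .cer file.
$fqdn = 'hostname-ilo.domain.local'
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            "CN=$fqdn", $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now  = [DateTimeOffset]::UtcNow
$der  = $req.CreateSelfSigned($now, $now.AddDays(1)).RawData
$pem  = "-----BEGIN CERTIFICATE-----`r`n" +
        [Convert]::ToBase64String($der, 'InsertLineBreaks') +
        "`r`n-----END CERTIFICATE-----`r`n"
$path = Join-Path ([IO.Path]::GetTempPath()) 'hostname-ilo.cer'
Set-Content -Path $path -Value $pem -NoNewline -Encoding ascii

# Without -Raw, Get-Content returns one string per line (an Object[] array).
$lines = Get-Content -Path $path
# With -Raw, it returns the whole file as a single string, line breaks intact.
$raw   = Get-Content -Path $path -Raw
"{0}: {1} element(s)" -f $lines.GetType().Name, $lines.Count
"{0}: {1} characters" -f $raw.GetType().Name, $raw.Length

# Hypothetical helper: parse the PEM and compare its CN to the name the iLO should have.
function Test-PemCommonName {
    param([string]$Path, [string]$ExpectedName)
    $text = Get-Content -Path $Path -Raw
    # Strip the PEM armor and all whitespace, leaving only the base64 body.
    $b64  = $text -replace '-----(BEGIN|END) CERTIFICATE-----', '' -replace '\s', ''
    [byte[]]$bytes = [Convert]::FromBase64String($b64)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    $cn   = $cert.GetNameInfo('SimpleName', $false)   # subject CN when present
    [pscustomobject]@{
        CommonName = $cn
        Matches    = ($cn -eq $ExpectedName)          # -eq is case-insensitive, like DNS
        NotAfter   = $cert.NotAfter
    }
}

Test-PemCommonName -Path $path -ExpectedName $fqdn
Remove-Item -Path $path
```

If Matches is true for a file and the import still reports a bad common name, the certificate subject is not the cause and the way the file content is being read is the next thing to check.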