ILO Powershell cmdlets - Import-HPiLOCertificate not successful

 
NWMrTim
Occasional Visitor

Good afternoon,

I installed the ILO powershell cmdlets, and am very excited that I can start automating management of numerous ILOs using powershell.

The first thing I did was generate a bunch of Certificates, but hit a snag when I went to import them with the "Import-HPiLOCertificate" cmdlet.  I kept getting an error saying "invalid common name" when attempting to import certificates.

Checklist:

The ILO FQDNs are entered into DNS with the correct IP address. Format is HOSTNAME-ilo.domain.local

These are DL360 Gen 9, and there are 4 places you must designate "the network name" of the ILO, and I double and triple checked that all are entered correctly and the same (even upper and lower case for that matter)

The "Get-HPiLOCertificateSigningRequest" powershell cmdlet worked flawlessly to create the certificate request files (.CSR or .REQ) other than I have to write in a delay to check if status has completed generating the cert - it takes a minute or two even if you click the button in the GUI.

I have a script that signs the certificates in the CA against what is in DNS. Signing works for other services (like SCOM and SCCM) and I can manually sign them as well.

Manually importing by logging into the ILO and copy / paste in the certificate dialog box works without a problem.

Has anyone else encountered this?

Thanks!

Tim

Code: (simplified for this post, but will work as is)

$creds= Get-Credential Administrator

$servers = (Get-Content ILOlist.txt)   #local txt file with short names like  HOSTNAME-ilo
foreach ($server in $servers)
{
  $ILOCSR = Get-HPiLOCertificateSigningRequest -Server $server -credential $creds

  $ILOCSR.CERTIFICATE_SIGNING_REQUEST  | Out-File C:\temp\Certs\ILO\$server.req -width 64 -Encoding ascii

 }

GokulKS
HPE Pro

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

Hi,

Can you send me the Import-HPiLOCertificate cmdlet you executed with parameters and its output with PowerShell environment details?

HPE PowerShell Team

Gokul


I am a HPE Employee


NWMrTim
Occasional Visitor

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

OK so the first script was requesting the cert .REQ files, which then get signed (and I need to add a timing loop to that one).

After they get signed I put them in a folder, and this script reads the server's certificate file name, and imports based on what is present in the folder "C:\temp\certs\ILO"

$creds = Get-Credential Administrator  # prompts for password

$servers = (Get-Childitem  C:\temp\Certs\ILO\*.cer).basename
foreach ($server in $servers)
{
     Import-HPiLOCertificate -server $server -Credential $creds -Certificate (Get-Content C:\temp\Certs\ILO\$server.cer) -force
     write-host "Success for $server..."  # more of a place holder to indicate progress...

}

 

This would all work perfectly except it says:  "Error - bad common name"

In DNS the server is added as "hostname" (like hostname.domain.local), and the name of the ILO is added like: "hostname-ilo" (so fqdn would be hostname-ilo.domain.local)

In the ILO I have noticed there are 4 places to put the "Name" of the ILO, and one is labeled "Server", so I don't know what name format needs to go where to get the certificate to match up. I would love to be able to cycle through and rename all 4 of those fields, but I need to use "Set-HPILOServerName" and "Set-HPILONetworkSetting -Server $server -DNSName ($server + "-ilo")", and I don't think that covers renaming the ILO. Suggestions??

So how can I name the ILOs properly so that when I generate Certificates, I can import them without a "bad common name" error?

 

Thanks

GokulKS
HPE Pro

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

Hi,

I think I got your problem. It's not the issue with servername or iLO hostname which is causing the certificate import to fail.

The problem is with Get-Content not using -Raw. Once you add that into your script and read the content from the .cer file, you don't hit the issue "Invalid certificate common name".

$cert = get-content -Path C:\Users\user1\Desktop\certnew_for_165.cer -Raw

Import-HPiLOCertificate -server $server -Credential $cred -Certificate $cert -DisableCertificateAuthentication -Verbose

Let me know if this helps.

Thanks,

Gokul

HPE PowerShell Team

 


I am a HPE Employee

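The difference the last reply points to, as an added PowerShell example that is not code from the thread or from HPE: it shows what Get-Content returns with and without -Raw for a PEM file, and checks the certificate subject before an import. `Read-PemCertificate`, the temp file and the throwaway self-signed certificate are constructed for illustration; how the cmdlet itself converts its -Certificate argument is not stated in the thread, and the sample generation assumes .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
# Added example. Read-PemCertificate, the temp file and the throwaway self-signed
# certificate are constructed for illustration; nothing here comes from the thread.
function Read-PemCertificate {
    param([Parameter(Mandatory)][string]$Path)
    # -Raw returns the whole file as ONE string with its line breaks intact.
    $pem = Get-Content -Path $Path -Raw
    if ($pem -notmatch '(?s)-----BEGIN CERTIFICATE-----\r?\n.+\r?\n-----END CERTIFICATE-----') {
        throw "$Path does not hold a PEM certificate with intact line breaks"
    }
    # Parse it so the subject can be compared with the iLO name before any import.
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($pem)
    $x509  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    [pscustomobject]@{ Pem = $pem; Subject = $x509.Subject }
}

# Constructed sample: self-signed certificate for the host name pattern used in the thread.
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=hostname-ilo.domain.local',
            $rsa, [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$self = $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5), [DateTimeOffset]::Now.AddDays(1))
$b64  = [Convert]::ToBase64String($self.RawData, [Base64FormattingOptions]::InsertLineBreaks)
$file = Join-Path ([IO.Path]::GetTempPath()) 'hostname-ilo.cer'
"-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----" | Out-File $file -Encoding ascii

# Without -Raw, Get-Content yields an array with one element per line.
$lines = Get-Content $file
"Without -Raw: $($lines.Count) separate strings"
# Converting that array to a single string joins the elements with spaces,
# so the PEM line breaks are gone.
$joined = [string]$lines
$hasBreaks = $joined.Contains("`n")
"Array converted to one string still has line breaks: $hasBreaks"

$c = Read-PemCertificate -Path $file
"With -Raw: one string of $($c.Pem.Length) characters, subject $($c.Subject)"

# Compare the subject with the name the import will target (file base name, as in the thread).
$server = [IO.Path]::GetFileNameWithoutExtension($file)
if ($c.Subject -notlike "CN=$server.*") {
    Write-Warning "Subject '$($c.Subject)' does not match $server"
}
# The import itself, with the parameters shown in the thread (commented out to stay offline):
# Import-HPiLOCertificate -Server $server -Credential $creds -Certificate $c.Pem
Remove-Item $file
```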