ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

Intermediate CA certificates

alexvandenzel
Occasional Visitor

Intermediate CA certificates

Hi,

In our (very large) organisation we have a private CA setup for all our internal web-interfaces (security policy). Now it seems the ILO4 on our very new DL380 Gen9 is not able to handle the intermediate CA certificates. Which is more or less mandatory for webservers.

I propose a feature, where it is possible to add intermediate CA certificates, or a certificate chain file (all certificates concatenated). So probably more memory is needed in the ILO system., but memory is cheap nowadays.

Regards,

Alex.

3 REPLIES
Jimmy Vance
HPE Pro

Re: Intermediate CA certificates


alexvandenzel wrote:

Hi,

In our (very large) organisation we have a private CA setup for all our internal web-interfaces (security policy). Now it seems the ILO4 on our very new DL380 Gen9 is not able to handle the intermediate CA certificates. Which is more or less mandatory for webservers.

I propose a feature, where it is possible to add intermediate CA certificates, or a certificate chain file (all certificates concatenated). So probably more memory is needed in the ILO system., but memory is cheap nowadays.

Regards,

Alex.


I've passed your enhancement request on the the iLO team.

For now you can install the intermediate CA certificate in the browser, so that both the intermediate CA and the iLO Cert are available during the SSL handshake and the chain can be completed normally. This is inconvenient, but it works.

 




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
KeithL
Occasional Visitor

Re: Intermediate CA certificates

Did this feature enhancement ever go anywhere?   I could use it too for SSL/TLS certificate validation where I need to have the iLO send the whole certificate chain :   cert->intermediate->root.

vbezhenar
Occasional Advisor

Re: Intermediate CA certificates

I'd like to add my vote as well. I can't properly use letsencrypt certificate because of this issue. Actually automatic support of letsencrypt would be just awesome, but at least intermediate certificates should work as well.