- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- ProLiant Servers (ML,DL,SL)
- >
- iLO certifcate Subject Alternative Name no longer ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2015 06:36 AM
11-30-2015 06:36 AM
Hello,
In the past when I generated a CSR from an iLO, it would include the HOSTNAME as a subject alternative name for the certificate (non-FQDN format). So if my server is SERVERX and my domain is MYDOMAIN.COM, it would generate a CSR with these names:
serverx.mydomain.com
serverx
Howerver, this is no longer the case. Being the lazy admin that I am , I usually just connect to the iLO via the hostname instead of the FQDN. In the past, this was fine since the hostname was in the Subject Alternative Name - but this is now broken and I get a CERT error when I connect not using the FQDN.
Did something change with the ILO firmware that makes is so this is no longer being generated? I am using an iLO 4 with 2.22 and 2.20 (ProLiant Gen9) - I have not tried the lasted firmware yet (which I think is 2.30). I am pretty sure nothing changed with our CA - but I am not a expert in this area, so I really dont know for sure. I am using the template I have used for years from our CA.
Thanks
NK
Solved! Go to Solution.
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2016 08:18 AM
09-09-2016 08:18 AM
SolutionI finally found a solution for this - at least as long as you are using a Microsoft AD CA server. I had to use the "Additional Attributes" field in the certificate request form. So create the custom certficate request in the iLO as normal - it will generate a CSR using the FQDN of the iLO. Then when submitting that request to CA, add the following to the attributes field:
san:dns=IPADDRESS&dns=ILONAME
Where IPADDRESS is the IP address of the iLO and ILONAME is the non-FQDN name of the iLO in DNS. For example if your iLO is MYSERVERILO using IP address of 10.1.1.1 and the FQDN is MYSERVERILO.MyCorp.com, you will get a certifcate with the Subject name of (which comes from the iLO):
MYSERVERILO.MyCorp.com
and Subject Alternative Names of:
10.1.1.1 and MYSERVERILO
So all three names will work without a certifcate error.
Hope this helps others.
NK