Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

Anyone have iLO 3 certificate signing working?

SOLVED
Go to Solution
Honored Contributor

Anyone have iLO 3 certificate signing working?

We have been able to sucessfully sign iLO 2 certicates with our internal Windows 2008 R2 CA and it works great. Now we are trying to use the same process and certifcate template (1024-bit encryption) with the new iLO 3 and it is not working. It says:

The Certificate could not be imported from the supplied X.509 Certificate data.

Check the following:
- Make sure that the input text was base64 encoded X.509 Certificate data.
- Make sure that the input X.509 Certificate data was intended for this server (not another server).

Does anyone have document process for signing iLO 3 certicates with a Windows 2008 or 2008 R2 CA that they could share? Here what we have been doing in the past:

1) Generate certicate from iLO web interface and copy it to clipboard.
2) Go to our CA web site http://caservername/certsrv
3) Click on "Request a Certificate" link
4) Click on "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file" link.
5) Paste from clipboard into the "Saved Request" field.
6) Select our template from the "Certificate Template" drop-down list. This is the same one that works perfectly for iLO 2 (1024-bit encryption).
7) Click on the "Submit" button.
8) Select "Base 64 encoded" radio button.
9) Click on "Download Certifcate" button and save as a TEXT file.
10) Copy contents of TEXT file to the "Import the certificate" field in the iLO 3 web page.
11) Generates above mentioned error.

Thanks
Nelson
12 REPLIES
Occasional Advisor

Re: Anyone have iLO 3 certificate signing working?

We're having the exact same problem with iLO3 and our Windows 2003 CAs. (Working fine with iLO / iLO2.)

iLO3 FW: 1.05

No solution as yet, but at least you know you're not alone. Will post more info if I find out anything further.
Occasional Advisor

Re: Anyone have iLO 3 certificate signing working?

Not resolved in iLO3 FW 1.10 either.
Honored Contributor

Re: Anyone have iLO 3 certificate signing working?

Thanks. Misery love company I guess :)

Nelson
Occasional Visitor

Re: Anyone have iLO 3 certificate signing working?

I am having the same problem with iLO 3 (1.05) and a Windows 2008 R2 Enterprise CA. Is there a fix yet?
Honored Contributor

Re: Anyone have iLO 3 certificate signing working?

This is what I reproduced. If the cert generated by your CA in Base64 is larger than 2048 bytes then, the iLO3 web interface doesn't allow you to import it.
This will be fixed in the next release.



__________________________________________________
I work for Hewlett Packard

If you feel this was helpful please click the KUDOS! thumb below!
Frequent Advisor

Re: Anyone have iLO 3 certificate signing working?

This issue has been resolved in Firmware 1.15, released October 28.
Honored Contributor

Re: Anyone have iLO 3 certificate signing working?

Thanks - I will try out the new firmware shortly.
Occasional Advisor

Re: Anyone have iLO 3 certificate signing working?

f/w v1.15. I'm still having this issue. Furthermore, after the error message is given iLO3 completely locks up and I have to restart it using the windows online configuration tool.

I've tried resetting everything back to defaults with no success.
Honored Contributor

Re: Anyone have iLO 3 certificate signing working?

How big is your cert? Can you attach one so I can test it?



__________________________________________________
I work for Hewlett Packard

If you feel this was helpful please click the KUDOS! thumb below!
Occasional Advisor

Re: Anyone have iLO 3 certificate signing working?

cert is 3.70 KB in size.
Honored Contributor

Re: Anyone have iLO 3 certificate signing working?

The latest firmware fixed my problem. I am now able to sign the certificate using our internal CA.
Honored Contributor

Re: Anyone have iLO 3 certificate signing working?

Update to firmware 1.15.