How to use openssl to generate key pair for SSL.

david8881 · ‎04-06-2016

How can you import a key pair into the ilo.

Does the import_cert.xml from the hpqlocfg.exe and locfg.pl take the private keys?

I did find this article, but was having issues with windows hpqlocfg.exe the locfg.pl I am also experinces unknown errors..

http://www.vcritical.com/2010/11/automating-ssl-certificate-deployments-for-hp-ilo/

my log

HPQLOCFG.exe: Sending (97)
POST /ribcl HTTP/1.1
HOST: sjc21654mdrp01
Content-length: 30

HPQLOCFG.exe: Sending (115)
POST /ribcl HTTP/1.1
HOST: sjc21654mdrp01
Transfer_Encoding: chunked
Content-length: 2095
Connection: Close

HPQLOCFG.exe: Sending (1)

HPQLOCFG.exe: Sending (22)
<RIBCL VERSION="2.0">

HPQLOCFG.exe: Sending (50)
<LOGIN USER_LOGIN="<user>" PASSWORD="<password>">

HPQLOCFG.exe: Sending (30)
<RIB_INFO MODE="write">

HPQLOCFG.exe: Sending (30)
<IMPORT_CERTIFICATE>

HPQLOCFG.exe: Sending (13)

HPQLOCFG.exe: Sending (31)
-----BEGIN RSA PRIVATE KEY-----

HPQLOCFG.exe: Sending (1)

HPQLOCFG.exe: Sending (22)
Proc-Type: 4,ENCRYPTED

HPQLOCFG.exe: Sending (39)
DEK-Info: DES-EDE3-CBC,E52C2EA1689EF611

HPQLOCFG.exe: Sending (0)

HPQLOCFG.exe: Sending (64)
<private key>

HPQLOCFG.exe: Sending (1)

HPQLOCFG.exe: Sending (29)
-----END RSA PRIVATE KEY-----

HPQLOCFG.exe: Sending (1)

HPQLOCFG.exe: Sending (31)
</IMPORT_CERTIFICATE>

HPQLOCFG.exe: Sending (10)

HPQLOCFG.exe: Sending (22)
<RESET_RIB/>

HPQLOCFG.exe: Sending (18)
</RIB_INFO>

HPQLOCFG.exe: Sending (12)
</LOGIN>

HPQLOCFG.exe: Sending (9)
</RIBCL>

HPQLOCFG.exe: Sending (0)

Sending script...
Waiting for Response...

HPQLOCFG.exe: Received (496)

<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0001"
MESSAGE='Error: Line #37: syntax error near ">".'
/>
</RIBCL>

Error:Can not open Log file....

Script failed for DNS:<hostname>

Oscar A. Perez · ‎04-07-2016

iLO doesn't support importing Private/Public RSA key-pair. See my explanation why it doesn't here:

http://community.hpe.com/t5/Remote-Lights-Out-Mgmt-iLO-2-iLO/Anyway-to-change-the-Subject-Alternative-Name-on-iLo-SSL-Cert/m-p/6845098/highlight/true#M7739

What you need to do is to create your own Private CA then, have each iLO generate a CSR then, get the CSR signed by your CA and finally import the signed SSL certificates back into that iLO. The article in the link you posted has a very interesting way to script all of this.

__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

How to use openssl to generate key pair for SSL.

How to use openssl to generate key pair for SSL.

Re: How to use openssl to generate key pair for SSL.