Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

ILO FQDN Certificate

SOLVED
Go to Solution
R9Y
Occasional Visitor

ILO FQDN Certificate

Does anyone know when ILO will support certifcate generation using FQDN's instead of just ilo name?

Whether or not it will be possible to import key and cert to get around the issue?
7 REPLIES
Honored Contributor

Re: ILO FQDN Certificate

I don't think iLO Supports FQDN's.
Occasional Visitor

Re: ILO FQDN Certificate

If you install HPONCFG the HP online ILO configuration utility on the server you can assign the FQDN to the ilo.

After that a cert request can be made trough the ILO web interface
Occasional Advisor

Re: ILO FQDN Certificate

Piet, is hponcfg mandatory to get FQDNs into the csr?
Occasional Visitor

Re: ILO FQDN Certificate

Anyone a solution for this problem? I'm using ILO and ILO2. They both refuse to use the FQDN when requesting a certificate.

ILO knows that is has been assigned "ilo.local" from the dnsserver but it doesnt use servername.ilo.local to request the certificate.... :(
R9Y
Occasional Visitor

Re: ILO FQDN Certificate

Hi Armand,

Piet De Bekker's answer has so far been the only solution.

So install the HPONCFG tool into the host server os. You can then set the ilo name to a FQDN name (which it would not allow you to do via the iLO web interface). Then when you generate a csr it will use the FQDN of the iLO, allowing the certificate to be issued using the full address.

I have only tested this on iLO2's on 1.61 and 1.7 firmware.

Jamie
Occasional Advisor

Re: ILO FQDN Certificate

Well I think while this fixes the CSR problem, it might (dunno) break other stuff:

Ilo Help claims:
iLO 2 Subsystem Name:
This represents the DNS name of the iLO 2 subsystem. For example, "ilo" in "ilo.hp.com".

There is also a Domainname field (For example, "hp.com" in "ilo.hp.com".)

Thus correct ILO behaviour would send requests like ilo.hp.com.hp.com.

To me the CSR Problem (no FQDN in there) is an obvious bug but maybe ITRC isn't the right place to post?
Occasional Visitor

Re: ILO FQDN Certificate

Sure, for people using Windows, hponcfg is an option.

What about machines running ESX, Linux, Unix?