Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

Importing SSL Certificate AND Private Key?

Occasional Advisor

Importing SSL Certificate AND Private Key?

Hello

We'd like to install proper (ie. signed by a normal CA) SSL certificates on our iLO 2, iLO 3 and iLO 4 systems. As there's a larger number of systems, we'd like to install a wildcard certificate, eg. *.ilo.company.fyi.

To do so, we'd also need to import the SSL private key on the iLO systems. How can I do that? The web interface just talks about importing a certificate and probably assumes, that the key is generated on the system when clicking "Create Certificate Request".

Any ideas?

Thanks a lot,

Alexander

12 REPLIES
HPE Pro

Re: Importing SSL Certificate AND Private Key?

If you follow this link you should see iLO documentation.  Look at theuser guide and the security brief for information about creating and importing SSL certificates

 

http://h17007.www1.hpe.com/us/en/enterprise/servers/solutions/info-library/index.aspx?cat=HP_iLO_4#.WI9WsU0zXDB

 

 




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
Occasional Advisor

Re: Importing SSL Certificate AND Private Key?

Hello Jimmy

Hm, neither in the Security Technology Brief nor in the User Guide, I can find information on how I can import a key.

Can you please be more specific?

Thanks,

Alexander

HPE Pro

Re: Importing SSL Certificate AND Private Key?

The information starts on page 74 of the users guide and page 20 of the technology brief




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
Occasional Advisor

Re: Importing SSL Certificate AND Private Key?

Hi

Pardon, but where on page 20 of the brief does the documentation discuss how a private key can be imported? I'm just not finding it.

Again, could you be so kind and be even more specific?

Thanks
Alexander
Occasional Advisor

Re: Importing SSL Certificate AND Private Key?

hello again

I've just re-read pages 74-77 of the user guide, and I really don't find anything there, which relates to my specific question.

Can you please help?

Thanks a lot

Alexander
HPE Pro

Re: Importing SSL Certificate AND Private Key?

What I've pointed you to is how certificates can be installed in iLO. I don't think there is a way to install a private key.




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
Occasional Advisor

Re: Importing SSL Certificate AND Private Key?

Hello

Ah, okay. But honestly, that was a tremendously complicated way of saying "I don't know" and/or "HPE equipment doesn't support customers who need this functionality", don't you think? :-)

All this RTFM, for nothing ;-)

Regards
Alexander
HPE Pro

Re: Importing SSL Certificate AND Private Key?

Sorry, I quickly glanced at your original message and thought you were asking how to import a certificate as that question comes up often.

 

 




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
Acclaimed Contributor

Re: Importing SSL Certificate AND Private Key?

Importing a private key isn't secure.  Usually you generate a CSR and get it signed and then import that.

Occasional Advisor

Re: Importing SSL Certificate AND Private Key?


Jimmy Vance wrote:

Sorry, I quickly glanced at your original message and thought you were asking how to import a certificate as that question comes up often.

 

 


Yeah, I somehow had the impression, that hadn't fully read my original post :)

Cheers,

Alexander

Occasional Advisor

Importing a private key isn't secure? (was: Importing SSL Certificate AND Private Key?)

[ Edited ]

Dennis Handly wrote:

Importing a private key isn't secure.  Usually you generate a CSR and get it signed and then import that.


 

Uh? Why shouldn't it be secure? Usually, for all the web-, mail- and whatnot-servers, we generate CSRs on trusted systems (or on the system itself) and then install the certificate + key + intermediate cert(s) on the target system(s).

I'd really like to know,why you think, that this is NOT secure.

Could you please expand on that?

Thanks a lot,

Alexander

Acclaimed Contributor

Re: Importing a private key isn't secure? (was: Importing SSL Certificate AND Private Key?)

>Why shouldn't it be secure? ... and then install the certificate + key + intermediate cert(s) on the target system(s).

 

Because the key leaves one host and is installed in another.  Someone could hijack it.  And all your systems have the same key.

I deal with secure devices and it is a big selling point (FIPS requirement) to say that the key NEVER leaves the device.