- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: SSL Certificate for iLO connection time is so ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2013 11:04 PM
09-30-2013 11:04 PM
SSL Certificate for iLO connection time is so long
Hi.
I have servers with iLO 1,2, 3. By default iLo uses self-signed cert. I have a Internal CA based on Win 2008R2. So I create a CSR on iLo b retrieve a certificate and the to import it on iLo.
On servers with iLo 3 I have no problem. But on servers with iLo 1, 2 i have VERY (abut 5-10 minutes) long connection time to logon screen and then VERY long time to logon.
I have noticed that self-signed cert is have md5rsa but my CA is sha1rsa hash. Could be this is a reason? Or something else?
Thanks
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-01-2013 11:31 PM
10-01-2013 11:31 PM
Re: SSL Certificate for iLO connection time is so long
http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02845760/c02845760.pdf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-02-2013 02:50 AM - edited 10-02-2013 02:52 AM
10-02-2013 02:50 AM - edited 10-02-2013 02:52 AM
Re: SSL Certificate for iLO connection time is so long
thanks for the doc.
I do all the same. Click create request and then import certificate and restart iLo.
Cert is installing corectly but logon proccess is so long time. Have no idea whats wrong.
Certificate only 1024 and from standart template WebServer.
I have install certifacate from this CA and template for the HP bladesystems onboard administator and all is OK.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-03-2013 07:27 PM
10-03-2013 07:27 PM
Re: SSL Certificate for iLO connection time is so long
Have noticed that in iLo status "key generation underway remote console performance may be temporarily diminished". maybe that is the reason? But I dont kmow wthat to do. I have just click request certificate.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2013 07:08 AM
10-04-2013 07:08 AM
Re: SSL Certificate for iLO connection time is so long
Every time you try to create a certificate request, iLO needs a new RSA key pair (Private Key and Public key). Generating RSA key pairs is CPU intensive so, it could takes minutes.
iLO2 has a 66Mhz RISC processor so, key generation in iLO2 could take a long time. Depending of the how big the key is, it could take from just 1 minute to 20 minutes (There is a randomness factor in RSA key generation, this is why sometimes one RSA key pair could take few seconds to generate, next time it could take up to 20 minutes). 1024 bits RSA key pairs usually take just a couple of minutes to generate. 2048 bits RSA key pairs on the other hand could easily take up to 20 minutes to generate.
Because of this, in iLO2 we added a pool where we store a couple of 1024 RSA key pairs plus a couple of 2048 RSA key pairs so, there will always be one ready to be used. If the pool gets depleted (user generates CSRs over and over), or iLO2 is reset to factory defaults, new RSA key pairs will be generated in the background and stored in the pool. As long as the Remote Console remains closed, the background key generation thread would fill up the pool with new RSA keys.
iLO3 and iLO4 have more powerful processors, therefore work differently. They don't need a key pool like iLO2, just one 2048bit RSA key pair that is ready to be used. If consumed, iLO3/4 will have to generate a new one in the background. Still could take few minutes to generate.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2013 07:16 PM
10-07-2013 07:16 PM
Re: SSL Certificate for iLO connection time is so long
thanks for your answer. I can accept this "slow ley generation" about 30 min - 1 hour but cert is successfully installed a week ago and still have an issue "long connection time" about 3-5 minites. It is not a normai.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2013 08:25 PM
10-07-2013 08:25 PM
Re: SSL Certificate for iLO connection time is so long
That doesn't sound right. What servers are these? Are you using iLO dedicated NIC or shared NIC? Are the iLOs in a remote location, VPN is being used?
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2013 09:04 PM - edited 10-07-2013 09:04 PM
10-07-2013 09:04 PM - edited 10-07-2013 09:04 PM
Re: SSL Certificate for iLO connection time is so long
I have various model of the server with iLo 2, like ProLiant BL680c G5, ProLiant DL360 G6, ProLiant BL460c G6
Link type is automatic, dhcp is disabled (static IP), iLo in our network without VPN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-08-2013 06:54 AM
10-08-2013 06:54 AM
Re: SSL Certificate for iLO connection time is so long
What firmware version do you have on these iLO2s? Can you capture a network trace showing your browser opening iLO2 login page on that DL360 G6? No need to login. Just need to see the that TCP traffic. Send me a PM with the capture attached. What browser are you using anyway?
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-08-2013 07:07 PM - edited 10-08-2013 08:04 PM
10-08-2013 07:07 PM - edited 10-08-2013 08:04 PM
Re: SSL Certificate for iLO connection time is so long
iLo ver 2.05. Have tried IE10 on Win 7 x64 and Chrome.
Hmm, I have try to dump netword traffic. Good idea. Already sending captured traffic to PM.