Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

SSL certificate serial number same as another

Frequent Advisor

SSL certificate serial number same as another

I'm trying to access an HP-UX iLO via the web. I get the following error when I bring the page up in my browser:

Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.

My question is; how do I get a new certificate?

I can telnet to the iLO just fine, but I don't see anywhere in the menus where I can issue a new certificate.

Any thoughts?
Frequent Advisor

Re: SSL certificate serial number same as another

I found the cause. I'm using firefox, which fully validates the certificate. This is a bug which Stefan Winter posted in September 2005. It seems sad that this shortcoming has persisted this long.
When I use IE, the nastygram doesn't pop up.

Hey HP! Some folks like to use browsers other than IE! Geez, what's a person supposed to do when using Linux, or (gasp) HP-UX?
Honored Contributor

Re: SSL certificate serial number same as another

HP does support firefox on current versions of iLO firmware.

Most likely, the cause is that you imported the iLO certificate into Firefox or it is being cached by Firefox. If iLO is reset for any reason, and it generates a new self-signed certificate, the conflict is noted.

Check the Firefox Certs database tools/options/advanced/view certs/web sites. Chances you will see one for the iLO, and you can delete it.

Another possibility is that you did not permanently import the cert into Firefox but it was cached. If you reboot iLO, a new self-signed cert is issued. In this case, Firefox caches the old cert and it is not flushed until you close firefox and all related windows.

For stronger cert enforcement, you can issue a certificate to iLO. (Administration/Certificate or Administration/Security/Certificate).
//Add this to "OnDomLoad" event