Server Management - Remote Server Management
1748280 Members
4117 Online
108761 Solutions
New Discussion

Re: Website's Security Certificate Error Page When Connecting to iLO1 & iLO2 through IE7

 
Chuck O.
New Member

Re: Website's Security Certificate Error Page When Connecting to iLO1 & iLO2 through Internet Explorer 7

Hello all,

We have a lab with >1000 ILOs, which are accessed during classes by students from a bank of Windows 2003 servers (via Terminal Services) on an isolated classroom network.

We wish to upgrade our Win2003 TS platforms to use IE7, but see the warning message as noted in this thread when connecting to the ILOs. Since these ILOs and systems are used for training delivery, we would prefer to not throw the students off with this warning every time they connect.

It is not practical for us to install valid "trusted root" certs onto each of the >1000 ILOs - likewise, installing the ~1000 non-trusted ILO certs onto each Win2003 TS system. Is there any way, on these isolated classroom Win2003 TS servers, to configure IE7 on the systems to accept "all certs issued by HP" (as the ILO certs are) as "trusted root" certs? I believe this would be the cleanest solution for our classroom/lab environment, but being cert-challenged, I'm not sure if it's possible.

Many thanks, Best regards,

-Chuck O.
kbnet
New Member

Re: Website's Security Certificate Error Page When Connecting to iLO1 & iLO2 through Internet Explorer 7

Hi all:

You can sign your certificates for iLO with a self generated CA which you import in all browsers. Unfortunately it doesn't solve the problem because the CSR does not consider the FQDN.
anthony11
Regular Advisor

Re: Website's Security Certificate Error Page When Connecting to iLO1 & iLO2 through Internet Ex


@acartes wrote:
This is not a problem with the firmware.

The devices (like iLO) that accept secured connections (SSL) exchange certificates with the client (browser). The certificates are part of the security exchange, and in part they help prove the authenticity of the site (i.e., not a trojan horse).

Your browser is reacting to the iLO certificate - it was issued by iLO to iLO, a self-signed certificate. This is suspicious to the browser, so it flags it and makes you decide whether to trust the site.


- accept and import the certificate
- allow it for the current session

How?  I can do this readily with Firefox, but video console redirection effectively requires MSIE running on an MS Windows VM and I can find no way there to accept the cert.

Dennis Handly
Acclaimed Contributor

Re: Website's Security Certificate Error Page When Connecting to iLO1 & iLO2 through IE7

>I can do this readily with Firefox, ... requires MSIE and I can find no way there to accept the cert.

 

Hmm, I thought IE had a link in the find print on the warning page that would accept it.

But if that's not here, you can do the obvious.  Export the certificate in firefox and import it into IE.

anthony11
Regular Advisor

Re: Website's Security Certificate Error Page When Connecting to iLO1 & iLO2 through IE7

Figuring out how to do that in MSIE is far from obvious.

 

Dennis Handly
Acclaimed Contributor

Re: Website's Security Certificate Error Page When Connecting to iLO1 & iLO2 through IE7

>Figuring out how to do that in MSIE is far from obvious.

 

On IE7 anyway:

Tools > Internet Options > Content > Certificates > X > Import

I'm not sure if X should be Intermediate or Trusted.

 

But if firefox saves in with the right suffix, you should be able to open it and use the wizard to import it.

Unlisted
Advisor

Re: Website's Security Certificate Error Page When Connecting to iLO1 & iLO2 through IE7

Reply originally by  Gobinda_Sahukar

Simply Just add the IP or hostname of the ILO address to the IE trusted list.