Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

iLO invalid certificate

Occasional Contributor

iLO invalid certificate

Hi,

i just upgraded my iLO to a new version. when i try and connect it says i have recieved an invalid certificate. It says my certificate contains the same serial number as issued by another authority. Please get a new serial number containing a unique serial number. I did not recieve this error before with the older version. How do i fix this? I already tried resetting iLO to defaults.
5 REPLIES
Honored Contributor

Re: iLO invalid certificate

It sounds like you imported the iLO SSL certificate, but when the firmware was reset for the update, a new self-signed certificate was issued.

When you reconnect to the lights-out processor, the browser detects the certificate inconsistency and prompts you. This behavior is designed to prevent "trojan horse" attacks.

In some cases, when the certificate changes, you must close all instances of the browser currently running and then restart the browser, because the current cert is cached in RAM. Try this first.

If the problem continues, you will need to reconcile the imported certificate for the site. You can use the browser to examine the new certificate and import it if you trust the contents.

You may need to purge the old certificate first. Check Internet Options/Content for the certificate controls.
Occasional Contributor

Re: iLO invalid certificate

i cleared the cache. how would i reset the certificate like you said above?
Honored Contributor

Re: iLO invalid certificate

The browser receives the certificate when you establish an SSL connection to iLO (the padlock). At this point, you will be prompted since the certificate is new.
Occasional Contributor

Re: iLO invalid certificate

I already tried that. it didn't give me a new padlock. I'm using firefox for the record here. It works kind of flaky in IE. It keeps on displaying invalid certificate but still lets you authenticate.
Honored Contributor

Re: iLO invalid certificate

For firefox, you can view the installed certificates using
Tools/ Options/ Advanced/ Encryption/ View Certs

Clean out the conflicting certificate there, then exit all instances of firefox and try again.

Then when you reconnect to the iLO, specify http://ilo
iLO will redirect to SSL and you will see the dialogue listing three options:
- Accept this certificate permanently
- Accept this certificate temporarily
- Do not accept this certificate

If you choose permanent, the certificate is stored and firefox will not allow you to connect to the site as long there is a conflict.