- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- iLO3 RIBCL for Custom CSR
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2011 04:07 PM
06-30-2011 04:07 PM
iLO3 RIBCL for Custom CSR
The CSR_CERT_SETTINGS RIBCL command under RIB_INFO is supposed to allow for changing SSL certificate request information. They're documented in a May 2011 edition of the iLO Scripting and Command Line Resource Guide and workS great on an iLO2 processor with firmware of 2.06.
These commands all fail on iLO3 with 1.25 firmware however with an error mesasge of 'Feature not supported'. I'm really hoping this is a bug in the firmware and not that the commands were depricated, they're extremely useful in large scale deployments and standard configurations.
The set in particular is:
<RIB_INFO MODE="write">
<CSR_CERT_SETTINGS>
<CSR_USE_CERT_CUSTOM_SUBJECT VALUE="Yes" />
<CSR_USE_CERT_2048PKEY VALUE="Yes" />
<CSR_SUBJECT_COUNTRY VALUE="Yes" />
<CSR_SUBJECT_STATE VALUE="Yes" />
<CSR_SUBJECT_LOCATION VALUE="Yes" />
<CSR_SUBJECT_ORG_NAME VALUE="Yes" />
<CSR_SUBJECT_ORGUNIT_NAME VALUE="Yes" />
<CSR_SUBJECT_COMMON_NAME VALUE="Yes" />
</CSR_CERT_SETTINGS>
- Tags:
- iLO
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2011 05:37 PM - edited 07-07-2011 07:24 PM
07-07-2011 05:37 PM - edited 07-07-2011 07:24 PM
Re: iLO3 RIBCL for Custom CSR
Upgraded to iLO3 v 1.25 and now it produces a 2048bit CSR,
However when you upload the replacement certificate it either rejects a certificate that doesn't match, or it accepts the certificate, reboots and then dishes up the old self signed cert.....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2011 07:37 AM
08-03-2011 07:37 AM
Re: iLO3 RIBCL for Custom CSR
In the scripting I've done thus far, it seems that the call to generate a CSR is synchronous when on iLO 2 and earlier management processors. This does not seem to be the case for iLO3 at firmware version 1.25. It seems that the call becomes asynchronous, which in my opinion defeats the purpose of making CSR generation scriptable.
Is there an option documented or not that needs to be presented to iLO 3's? Here is a sample of the RIBCL I use:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="admin" PASSWORD="password">
<RIB_INFO MODE="write">
<CERTIFICATE_SIGNING_REQUEST/>
</RIB_INFO>
</RIBCL>
The response I get from iLO 2 and earlier is the CSR encased in the RIBCL syntax. On iLO 3, instead of the CSR I'm expecting, I instead get a reply that the CSR is in process of being generated. I receive a similar respnose in the web GUI. Although I don't really understand why there is a difference between iLO versions, if I request a CSR I should get one, not a notice to check back later.
On a related note, the custom CSR creation works on iLO 2 (2.06), but on iLO 3 1.25 it never worked. I'd wait hours for the CSR generation and not get it when specifying locale information consistent with my certificate hierarchy. If I left the defaults for C=US, ST=Texas, L=Houston, etc., the CSR generation would however work however. It does at least properly use the FQDN for the CN in the CSR.