Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Server Management - Remote Server Management
cancel
Showing results for 
Search instead for 
Did you mean: 

How to use openssl to generate key pair for SSL.

david8881
Occasional Advisor

How to use openssl to generate key pair for SSL.

How can you import a key pair into the ilo.

Does the import_cert.xml from the hpqlocfg.exe and locfg.pl take the private keys?

I did find this article, but was having issues with windows hpqlocfg.exe the locfg.pl I am also experinces unknown errors..

http://www.vcritical.com/2010/11/automating-ssl-certificate-deployments-for-hp-ilo/

my log

HPQLOCFG.exe: Sending (97)
POST /ribcl HTTP/1.1
HOST: sjc21654mdrp01
Content-length: 30

<RIBCL VERSION="2.0"></RIBCL>

HPQLOCFG.exe: Sending (115)
POST /ribcl HTTP/1.1
HOST: sjc21654mdrp01
Transfer_Encoding: chunked
Content-length: 2095
Connection: Close


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (22)
<RIBCL VERSION="2.0">

HPQLOCFG.exe: Sending (50)
<LOGIN USER_LOGIN="<user>" PASSWORD="<password>">

HPQLOCFG.exe: Sending (30)
<RIB_INFO MODE="write">

HPQLOCFG.exe: Sending (30)
<IMPORT_CERTIFICATE>

HPQLOCFG.exe: Sending (13)

HPQLOCFG.exe: Sending (13)

HPQLOCFG.exe: Sending (13)

HPQLOCFG.exe: Sending (31)
-----BEGIN RSA PRIVATE KEY-----

HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (22)
Proc-Type: 4,ENCRYPTED

HPQLOCFG.exe: Sending (39)
DEK-Info: DES-EDE3-CBC,E52C2EA1689EF611

HPQLOCFG.exe: Sending (0)


HPQLOCFG.exe: Sending (64)
<private key>

HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (29)
-----END RSA PRIVATE KEY-----

HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (31)
</IMPORT_CERTIFICATE>

HPQLOCFG.exe: Sending (10)

HPQLOCFG.exe: Sending (22)
<RESET_RIB/>

HPQLOCFG.exe: Sending (18)
</RIB_INFO>

HPQLOCFG.exe: Sending (12)
</LOGIN>

HPQLOCFG.exe: Sending (9)
</RIBCL>

HPQLOCFG.exe: Sending (0)

 

Sending script...
Waiting for Response...

HPQLOCFG.exe: Received (496)

<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0001"
MESSAGE='Error: Line #37: syntax error near ">".'
/>
</RIBCL>

Error:Can not open Log file....

Script failed for DNS:<hostname>

1 REPLY
Oscar A. Perez
Honored Contributor

Re: How to use openssl to generate key pair for SSL.

iLO doesn't support importing Private/Public RSA key-pair.  See my explanation why it doesn't here:  

http://community.hpe.com/t5/Remote-Lights-Out-Mgmt-iLO-2-iLO/Anyway-to-change-the-Subject-Alternative-Name-on-iLo-SSL-Cert/m-p/6845098/highlight/true#M7739

 

What you need to do is to create your own Private CA then, have each iLO generate a CSR then, get the CSR signed by your CA and finally import the signed SSL certificates back into that iLO.   The article in the link you posted has a very interesting way to script all of this. 




__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!