- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: Importing a private key isn't secure? (was: Im...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2017 11:09 PM
01-30-2017 11:09 PM
Re: Importing SSL Certificate AND Private Key?
@Jimmy Vance wrote:Sorry, I quickly glanced at your original message and thought you were asking how to import a certificate as that question comes up often.
Yeah, I somehow had the impression, that hadn't fully read my original post :)
Cheers,
Alexander
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2017 11:13 PM - edited 01-30-2017 11:18 PM
01-30-2017 11:13 PM - edited 01-30-2017 11:18 PM
Importing a private key isn't secure? (was: Importing SSL Certificate AND Private Key?)
@Dennis Handly wrote:Importing a private key isn't secure. Usually you generate a CSR and get it signed and then import that.
Uh? Why shouldn't it be secure? Usually, for all the web-, mail- and whatnot-servers, we generate CSRs on trusted systems (or on the system itself) and then install the certificate + key + intermediate cert(s) on the target system(s).
I'd really like to know,why you think, that this is NOT secure.
Could you please expand on that?
Thanks a lot,
Alexander
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-04-2017 02:59 PM
02-04-2017 02:59 PM
Re: Importing a private key isn't secure? (was: Importing SSL Certificate AND Private Key?)
>Why shouldn't it be secure? ... and then install the certificate + key + intermediate cert(s) on the target system(s).
Because the key leaves one host and is installed in another. Someone could hijack it. And all your systems have the same key.
I deal with secure devices and it is a big selling point (FIPS requirement) to say that the key NEVER leaves the device.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2018 04:56 AM
03-21-2018 04:56 AM
Re: Importing a private key isn't secure? (was: Importing SSL Certificate AND Private Key?)
I have an identical problem - did you solve yours?
I have a * .domain.com certificate and would like to upload it to ILO4
--
Jacek
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2018 08:18 AM
06-04-2018 08:18 AM
Re: Importing SSL Certificate AND Private Key?
Hi,
I know this is a pretty old thread, but I need help with this exact process (importing certificates to iLO). I need to do this for multiple iLO devices at a time. I've been working on the "Generating CSR" script that comes packaged with HPE's iLO Powershell package and got it pretty much completed. Next steps are to import the signed certs (3rd party) into each iLO device. Any suggestions/recommendations on how to do that, would certainly be very much helpful. Appreciate the help in advance.
Thanks,
- DM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2018 12:59 AM
06-05-2018 12:59 AM
Re: Importing SSL Certificate AND Private Key?
Hi,
Definately its possible with PS cmdlets of iLO.
Below are the complete steps for generate and import of certificates :
Four steps are involved in this use-case:
1)Generate the certificate – Start-HPEiLOCertificateSigningRequest
2)Get the certificate – Get-HPEiLOCertificateSigningRequest
3)Sign the CSR using any third-party CA – No cmdlet as its done by third-party
4) Import the certificate - Import-HPEiLOCertificate
And below is the example of how importing of certificate can be done.
PS C:\> $cert = @"
-----BEGIN CERTIFICATE-----
ASampleCertificateAAALftnNE12JR8T8XQqyzqc1tt6FLFRXLRM5PJpOf/IG4hN45
pNdJAhTC8O2505PzkGLf5qhrbDnusclCvoH7DuxyHjeOUVxbC5wFQBcGF4VnpYZ8nGQ
Gt9TQ0iUV+NRwn4CR5ESoi63zTJIvKIYZDT2ISeXhF2iU6txjZzdeEm7vQz3slaY3dg
AAAIAQ46i6FBzJAYXziF/qmWMt4y6SlylOQDAsxPKk7rpxegv8RlTeon/aeL7ojb9GQ
2xnEN5gobaNZxKz2d4/jwg3+qgTDT6V1G+b7+nEI/XHIc717/7oqgiOv4VE3WxN+HE9
JWsv2jwUpAzRGqJOoojRG/CCru0K+jgTOf/di1o0sw
-----END CERTIFICATE-----
"@
PS C:\> $connection = Connect-HPEiLO 10.20.30.40,10.20.30.41 -Username admin -Password admin123
PS C:\> Import-HPEiLOCertificate -Connection $connection -Certificate $cert
I am a HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2018 12:08 PM
06-07-2018 12:08 PM
Re: Importing SSL Certificate AND Private Key?
GokuIKS, I like your instructions ... have you actually tested it ? with HPEiLOCmdlets 2.0.0.0 ? And a bit of customization (like City, State, Country, Organization etc ) ?
Because our finding is that :
Start-HPEiLOCertificateSigningRequest
does not use the value of ‘-City', regardless of how you specify it. Should place it into '<CSR_Locality>' inside the XML it sends, but there's no such field in the raw request being sent.
Get-HPEiLOCertificateSigningRequest
resubmits new CSR generation with default parameters. It does not simply retrieve the previously generated CSR (with parameters specified by 'Start-HPEiLOCertificateSigningRequest').
So I am curious who's really testing these PowerShell cmdlet ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2018 10:11 PM
06-10-2018 10:11 PM
Re: Importing SSL Certificate AND Private Key?
Hi,
As I mentioned in other posts both of them are bugs and we are working towards fixing it.
This issue happens only on Gen8\9 systems but Gen10 works as expected.
Thanks,
Gokul
I am a HPE Employee
- « Previous
-
- 1
- 2
- Next »