- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: Installing a certificate signing by our own CA
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-23-2009 02:25 AM
тАО02-23-2009 02:25 AM
Installing a certificate signing by our own CA
I am trying to install a certificate in our blade servers' iLO (Advanced 1.92). I have tried some methods, but none of them suceeded.
First I tried to request a certificate from iLO web interface. The request seems correct, but we can't sign it because the country of the request is US and our CA's country is ES.
So I tried to import a certificate directly signed by our CA (we create the request and sign it). But I got the error:
"The Certificate could not be imported from the supplied X.509 Certificate data.
The Common name on the certificate does not match the DNS name of Integrated Lights-Out. Make sure that the X.509 Certificate data was intended for this Integrated Lights-Out. "
I thought that the problem could be that CN of the certificate was the FQDN, so I tried with a certificate with just the hostname in the CN, but I got the same error.
Any idea of how could I install a certificate?
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-24-2009 12:06 PM
тАО02-24-2009 12:06 PM
Re: Installing a certificate signing by our own CA
We literally have thousands of HP bl and dl servers. We would like to use ssl certs the way they were intended, but this bug in the ilo firmware is preventing us from using ssl correctly.
The CSR should use the FQDN for the common name not just the hostname.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-02-2009 03:36 PM
тАО03-02-2009 03:36 PM
Re: Installing a certificate signing by our own CA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2012 10:51 AM
тАО01-15-2012 10:51 AM
Re: Installing a certificate signing by our own CA
Hi
I'm facing with the same issue, may be even worse - whatever the combination of network settings (host name and domain name) and certificate (common name, shortname/FQDN) I try - I can't import the certificate. I tried the certificate request generated by iLO, I also tried the self-generated request - it just simply doesn't work. Always returning the error:
The Certificate could not be imported from the supplied X.509 Certificate data.
The Common name on the certificate does not match the DNS name of Integrated Lights-Out. Make sure that the X.509 Certificate data was intended for this Integrated Lights-Out.
I have no idea on where to move further, all possible options already excercised, so I'm lost, and whole day wasted. Anyone can help please?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2012 11:56 AM - edited тАО01-16-2012 11:57 AM
тАО01-16-2012 11:56 AM - edited тАО01-16-2012 11:57 AM
Re: Installing a certificate signing by our own CA
just may be helpful for someone who faces with the same issue - eventually I made it happen, iLO accepted the certificate signed by my self-signed CA (openssl). The issue was with the CA configuration - not sure what exactly was the reason as I changed two things in the config:
a) the SSL v3 extensions - completely removed this section from the generated certificate
b) changed the order of attributes in the certificate subject (country, state, locality, organization, organization unit, common name, email)
But these changes do not corresponde to the error message generated by the iLO certificate import (see the previous post) so it had taken quite a while to find the correct setup, so please be aware that the error description can be missleading in certain cases.
take care