- Community Home
- >
- Servers and Operating Systems
- >
- ProLiant
- >
- Server Management - Remote Server Management
- >
- Installing a certificate signing by our own CA
-
-
Forums
- Products
- Servers and Operating Systems
- Storage
- Software
- Services
- HPE GreenLake
- Company
- Events
- Webinars
- Partner Solutions and Certifications
- Local Language
- China - 简体中文
- Japan - 日本語
- Korea - 한국어
- Taiwan - 繁體中文
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Latin America
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Blog, Poland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-23-2009 02:25 AM
02-23-2009 02:25 AM
Installing a certificate signing by our own CA
I am trying to install a certificate in our blade servers' iLO (Advanced 1.92). I have tried some methods, but none of them suceeded.
First I tried to request a certificate from iLO web interface. The request seems correct, but we can't sign it because the country of the request is US and our CA's country is ES.
So I tried to import a certificate directly signed by our CA (we create the request and sign it). But I got the error:
"The Certificate could not be imported from the supplied X.509 Certificate data.
The Common name on the certificate does not match the DNS name of Integrated Lights-Out. Make sure that the X.509 Certificate data was intended for this Integrated Lights-Out. "
I thought that the problem could be that CN of the certificate was the FQDN, so I tried with a certificate with just the hostname in the CN, but I got the same error.
Any idea of how could I install a certificate?
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-24-2009 12:06 PM
02-24-2009 12:06 PM
Re: Installing a certificate signing by our own CA
We literally have thousands of HP bl and dl servers. We would like to use ssl certs the way they were intended, but this bug in the ilo firmware is preventing us from using ssl correctly.
The CSR should use the FQDN for the common name not just the hostname.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-02-2009 03:36 PM
03-02-2009 03:36 PM
Re: Installing a certificate signing by our own CA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-15-2012 10:51 AM
01-15-2012 10:51 AM
Re: Installing a certificate signing by our own CA
Hi
I'm facing with the same issue, may be even worse - whatever the combination of network settings (host name and domain name) and certificate (common name, shortname/FQDN) I try - I can't import the certificate. I tried the certificate request generated by iLO, I also tried the self-generated request - it just simply doesn't work. Always returning the error:
The Certificate could not be imported from the supplied X.509 Certificate data.
The Common name on the certificate does not match the DNS name of Integrated Lights-Out. Make sure that the X.509 Certificate data was intended for this Integrated Lights-Out.
I have no idea on where to move further, all possible options already excercised, so I'm lost, and whole day wasted. Anyone can help please?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-16-2012 11:56 AM - edited 01-16-2012 11:57 AM
01-16-2012 11:56 AM - edited 01-16-2012 11:57 AM
Re: Installing a certificate signing by our own CA
just may be helpful for someone who faces with the same issue - eventually I made it happen, iLO accepted the certificate signed by my self-signed CA (openssl). The issue was with the CA configuration - not sure what exactly was the reason as I changed two things in the config:
a) the SSL v3 extensions - completely removed this section from the generated certificate
b) changed the order of attributes in the certificate subject (country, state, locality, organization, organization unit, common name, email)
But these changes do not corresponde to the error message generated by the iLO certificate import (see the previous post) so it had taken quite a while to find the correct setup, so please be aware that the error description can be missleading in certain cases.
take care
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2022 Hewlett Packard Enterprise Development LP