Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
Server Management - Remote Server Management
cancel
Showing results for 
Search instead for 
Did you mean: 

Question about SSL on OA/iLO

SOLVED
Go to solution
Blaine Baker
Occasional Visitor

Question about SSL on OA/iLO

Hi all,

This is probably a pretty easy question for most of you. I have a c3000 enclosure with some bl460c blades in it. I have followed the process to get an ssl certificate (from our internal enterprise CA) for the onboard administrator itself, and that works perfectly, but everything under Device Bays -> nnn -> iLO, those links all open directly to the IP address of the blade and not a DNS hostname. As a result, even though i have a certificate installed for one of my iLO interface's FQDN, and it works if I manually go there, if I simply click the links inside OA (like I want to) it says the certificate is not valid because the name is mismatched (the URL is only the IP address).

Can anyone clue me in on what I can do to resolve this? Thanks,

-Blaine
5 REPLIES
Martin Smoral
Trusted Contributor

Re: Question about SSL on OA/iLO

Did you enter your DNS info under the Enclosure settings ?
Blaine Baker
Occasional Visitor

Re: Question about SSL on OA/iLO

Yes, my DNS settings are configured properly. OA is not even attempting to connect via hostname however - just IP address; so no DNS resolution is even being attempted.
T. Jones
Occasional Visitor

Re: Question about SSL on OA/iLO

I'm experiencing the same issue. Currently looking into using the subject alternate name extension to specify the IP address.
T. Jones
Occasional Visitor
Solution

Re: Question about SSL on OA/iLO

I got this working with our local Microsoft CA. Here's what I did:

1. Created the certificate and copied to clipboard.
2. On the CA, pasted the request, specified web server template, and added the subject alternate name attribute as "san:dns=xxx.xxx.xxx.xxx" (where "xxx.xxx.xxx.xxx" was my iLo IP address).
3. Imported the new cert.
4. Restarted browser, logged back in and no more cert error.

I did have to configure our CA to accept SAN attributes. Directions here: http://support.microsoft.com/kb/931351

Hope that helps,
tj
Blaine Baker
Occasional Visitor

Re: Question about SSL on OA/iLO

T. Jones' solution works perfectly. I had a little back and forth with my CA and they got it all sorted out. Thanks!