Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Server Management - Remote Server Management
Showing results for 
Search instead for 
Did you mean: 

SSL certificate serial number same as another

Greg Traud_2
Frequent Advisor

SSL certificate serial number same as another

I'm trying to access an HP-UX iLO via the web. I get the following error when I bring the page up in my browser:

Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.

My question is; how do I get a new certificate?

I can telnet to the iLO just fine, but I don't see anywhere in the menus where I can issue a new certificate.

Any thoughts?
Greg Traud_2
Frequent Advisor

Re: SSL certificate serial number same as another

I found the cause. I'm using firefox, which fully validates the certificate. This is a bug which Stefan Winter posted in September 2005. It seems sad that this shortcoming has persisted this long.
When I use IE, the nastygram doesn't pop up.

Hey HP! Some folks like to use browsers other than IE! Geez, what's a person supposed to do when using Linux, or (gasp) HP-UX?
Honored Contributor

Re: SSL certificate serial number same as another

HP does support firefox on current versions of iLO firmware.

Most likely, the cause is that you imported the iLO certificate into Firefox or it is being cached by Firefox. If iLO is reset for any reason, and it generates a new self-signed certificate, the conflict is noted.

Check the Firefox Certs database tools/options/advanced/view certs/web sites. Chances you will see one for the iLO, and you can delete it.

Another possibility is that you did not permanently import the cert into Firefox but it was cached. If you reboot iLO, a new self-signed cert is issued. In this case, Firefox caches the old cert and it is not flushed until you close firefox and all related windows.

For stronger cert enforcement, you can issue a certificate to iLO. (Administration/Certificate or Administration/Security/Certificate).