SOLVED
I am running into a problem with the Start-HPEiLOCertificateSigningRequest cmdlet. I pass the variables and values and the default data is returned into the certificate.
Example:
$connection = Connect-HPEiLO $interface -Username $striLOUsername -Password $striLOPassword -DisableCertificateAuthentication $commonName = (Get-HPEiLOIPv4NetworkSetting -connection $connection).DNSname + "." + (Get-HPEiLOIPv4NetworkSetting -connection $connection).DomainName Start-HPEiLOCertificateSigningRequest -Connection $connection -State "MyState" -Country "US" -City "Anytown" -Organization "MyCompany" -OrganizationalUnit "MyGroup" -CommonName "$commonName"
After I generate a cert file with certreq.exe and then import with Import-HPEImportCertificate, the subject values are all default except for the CN.
I also see the following in the manual for the cmdlet.
-IncludeiLOIP [<SwitchParameter>]
Includes the iLO IP along with the certificate. The supported values are Yes or No. This parameter is supported only on iLO 5 servers.However, this feature is absolutely available on iLO 4 (v 2.55, shown below).
In addition, the cmdlet parameter does not recognize Yes as a value!!! So it will not work. I would love for this to get resolved as I have a scripted way of adding iLO's into a CA that is held up by this broken cmdlet.
Hi,
We accept there is a issue in CSR generation with custom fields and we are working towards fixing the bug. Will update on the availablility of the fix soon.
As a wokround you can use previous release of iLO cmdlets i.e., 1.5.x version which is available on the HPE web and you need not un-install 2.0 as both can work in parellel without any conflict.
Below is the cmdlet to generate CSR on Gen9 iLO. ( Try same cmdlet twice - once for iLO to generate and 2nd for displaying the csr )
PS C:\Windows\system32> $out = Get-HPiLOCertificateSigningRequest -Server 192.168.10.16 -Username admin -Password admin123 -State KA -Country IN -Locality BLR -Organization HPE -OrganizationalUnit HIT -CommonName CN -DisableCertificateAuthentication
PS C:\Windows\system32> $out
IP : 192.168.10.16
HOSTNAME : ilomxq54509m3.powershvpn.com
STATUS_TYPE : OK
STATUS_MESSAGE : OK
CERTIFICATE_SIGNING_REQUEST : -----BEGIN CERTIFICATE REQUEST-----
MIICtjCCAZ4CAQAwUTELMAkGA1UEAwwCQ04xDDAKBgNVBAsMA0hJVDEMMAoGA1UE
CgwDSFBFMQwwCgYDVQQHDANCTFIxCzAJBgNVBAgMAktBMQswCQYDVQQGEwJJTjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALVF5PpeuRipy4e038bgw/A9
2ovY8KQYnlWjJ2yj72ub2moiuuFAH2wLbFZuh7KwH8+P3rzZZWVdVoem0bbFATmu
dmrDv4ntdrol38rJmMB8OVbmsbwBaT8VzEW+FsDpn/rMpmBhdwfhkWgt9gEMumyF
Sr+SJPtJMpU7e5lMq8EX3gNdZ/cYNFkxKLfRTa+41jNUSAbpVzgwLGEJxJfHY0Hm
cNtNcsnJZuyf9vHAlySpbiHa7JSDcNqejR4fdRDg3JqCDGm8k+6UN8CG9h2MO5vD
WNgxys+df8t2QEZa8xlv/m7TjWI8WUPAuoKpybsZJC/x84Mj9XilbTFusM+tIoEC
AwEAAaAgMB4GCSqGSIb3DQEJDjERMA8wDQYDVR0RBAYwBIICQ04wDQYJKoZIhvcN
AQELBQADggEBAE39YlJnBi4t/XkeQ8EBOB9QoRdLttly2kICHcLJUTiSbvceqOEC
0JLnbMCHAPlYnZbOts+iyeUrfvg2bXKdobvLmtE73cUSBXX1R9JsN+czqd9oNtbW
8qQtkeG9D7Mzhk9GBxZ0r5FUi5R/eq7mfZqei2UVCOTQZHVuyWVR1j4xk3+ytgbN
hH4o5SZVDDmp/a6TCT6kWZpuxOPbbLAemGDIeRy14Vd68GjQ9KUgbfAARgeZdS5c
FbZ8LI6wXoE6b/+586o5dSgng2YOS4i2x0B5RaslYF6KS3UayCg1qIDYL1Y7rTXo
IYh5pvMz56ANwmUA0b3WHTMSxZzS9vYEJlo=
-----END CERTIFICATE REQUEST-----
Thanks,
Gokul
I am a HPE Employee
