- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: Start-HPEiLOCertificateSigningRequest Broken?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2018 09:42 AM
тАО06-08-2018 09:42 AM
I am running into a problem with the Start-HPEiLOCertificateSigningRequest cmdlet. I pass the variables and values and the default data is returned into the certificate.
Example:
$connection = Connect-HPEiLO $interface -Username $striLOUsername -Password $striLOPassword -DisableCertificateAuthentication $commonName = (Get-HPEiLOIPv4NetworkSetting -connection $connection).DNSname + "." + (Get-HPEiLOIPv4NetworkSetting -connection $connection).DomainName Start-HPEiLOCertificateSigningRequest -Connection $connection -State "MyState" -Country "US" -City "Anytown" -Organization "MyCompany" -OrganizationalUnit "MyGroup" -CommonName "$commonName"
After I generate a cert file with certreq.exe and then import with Import-HPEImportCertificate, the subject values are all default except for the CN.
I also see the following in the manual for the cmdlet.
-IncludeiLOIP [<SwitchParameter>] Includes the iLO IP along with the certificate. The supported values are Yes or No. This parameter is supported only on iLO 5 servers.
However, this feature is absolutely available on iLO 4 (v 2.55, shown below).
In addition, the cmdlet parameter does not recognize Yes as a value!!! So it will not work. I would love for this to get resolved as I have a scripted way of adding iLO's into a CA that is held up by this broken cmdlet.
Solved! Go to Solution.
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2018 12:59 PM
тАО06-08-2018 12:59 PM
Re: Start-HPEiLOCertificateSigningRequest Broken?
I run into the same proble
Start-HPEiLOCertificateSigningRequest
does not use the value of тАШ-City', regardless of how you specify it. Should place it into '<CSR_Locality>' inside the XML it sends, but there's no such field in the raw request being sent. (you can see that with -OutputType)
тАШ-IncludeiLOIP' parameter gives errors if you specify it, no matter what syntax !
Get-HPEiLOCertificateSigningRequest
resubmits new CSR generation with default parameters. It does not simply retrieve the previously generated CSR (with parameters specified by 'Start-HPEiLOCertificateSigningRequest').
You *can* however see the correct CSR if you retry 'Start-HPEiLOCertificateSigningRequest' with '-OutputType RawResponse'.
So I am curious who's really testing these PowerShell cmdlet ? I am trying to get some help from HPE support without success. The module is badly coded and we need a fixed version !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2018 10:18 PM
тАО06-10-2018 10:18 PM
Re: Start-HPEiLOCertificateSigningRequest Broken?
Hi,
We accept there is a issue in CSR generation with custom fields and we are working towards fixing the bug. Will update on the availablility of the fix soon.
As a wokround you can use previous release of iLO cmdlets i.e., 1.5.x version which is available on the HPE web and you need not un-install 2.0 as both can work in parellel without any conflict.
Below is the cmdlet to generate CSR on Gen9 iLO. ( Try same cmdlet twice - once for iLO to generate and 2nd for displaying the csr )
PS C:\Windows\system32> $out = Get-HPiLOCertificateSigningRequest -Server 192.168.10.16 -Username admin -Password admin123 -State KA -Country IN -Locality BLR -Organization HPE -OrganizationalUnit HIT -CommonName CN -DisableCertificateAuthentication
PS C:\Windows\system32> $out
IP : 192.168.10.16
HOSTNAME : ilomxq54509m3.powershvpn.com
STATUS_TYPE : OK
STATUS_MESSAGE : OK
CERTIFICATE_SIGNING_REQUEST : -----BEGIN CERTIFICATE REQUEST-----
MIICtjCCAZ4CAQAwUTELMAkGA1UEAwwCQ04xDDAKBgNVBAsMA0hJVDEMMAoGA1UE
CgwDSFBFMQwwCgYDVQQHDANCTFIxCzAJBgNVBAgMAktBMQswCQYDVQQGEwJJTjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALVF5PpeuRipy4e038bgw/A9
2ovY8KQYnlWjJ2yj72ub2moiuuFAH2wLbFZuh7KwH8+P3rzZZWVdVoem0bbFATmu
dmrDv4ntdrol38rJmMB8OVbmsbwBaT8VzEW+FsDpn/rMpmBhdwfhkWgt9gEMumyF
Sr+SJPtJMpU7e5lMq8EX3gNdZ/cYNFkxKLfRTa+41jNUSAbpVzgwLGEJxJfHY0Hm
cNtNcsnJZuyf9vHAlySpbiHa7JSDcNqejR4fdRDg3JqCDGm8k+6UN8CG9h2MO5vD
WNgxys+df8t2QEZa8xlv/m7TjWI8WUPAuoKpybsZJC/x84Mj9XilbTFusM+tIoEC
AwEAAaAgMB4GCSqGSIb3DQEJDjERMA8wDQYDVR0RBAYwBIICQ04wDQYJKoZIhvcN
AQELBQADggEBAE39YlJnBi4t/XkeQ8EBOB9QoRdLttly2kICHcLJUTiSbvceqOEC
0JLnbMCHAPlYnZbOts+iyeUrfvg2bXKdobvLmtE73cUSBXX1R9JsN+czqd9oNtbW
8qQtkeG9D7Mzhk9GBxZ0r5FUi5R/eq7mfZqei2UVCOTQZHVuyWVR1j4xk3+ytgbN
hH4o5SZVDDmp/a6TCT6kWZpuxOPbbLAemGDIeRy14Vd68GjQ9KUgbfAARgeZdS5c
FbZ8LI6wXoE6b/+586o5dSgng2YOS4i2x0B5RaslYF6KS3UayCg1qIDYL1Y7rTXo
IYh5pvMz56ANwmUA0b3WHTMSxZzS9vYEJlo=
-----END CERTIFICATE REQUEST-----
Thanks,
Gokul
I am a HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2018 10:24 PM
тАО06-10-2018 10:24 PM
Re: Start-HPEiLOCertificateSigningRequest Broken?
Thanks, ETA for the fix ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-11-2018 07:25 AM - edited тАО06-11-2018 07:26 AM
тАО06-11-2018 07:25 AM - edited тАО06-11-2018 07:26 AM
Re: Start-HPEiLOCertificateSigningRequest Broken?
Thanks. I will wait since I would like the cmdlet to also work with -IncludeiLOIP with iLO v4.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-17-2018 10:07 AM
тАО08-17-2018 10:07 AM
Re: Start-HPEiLOCertificateSigningRequest Broken?
Has this been fixed yet??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-04-2018 11:38 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-05-2018 12:58 PM
тАО09-05-2018 12:58 PM
Re: Start-HPEiLOCertificateSigningRequest Broken?
Thank you! I hadn't noticed an update to the cmdlets.