- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: iLO 5 Custom SSL Certificate - Is it possible ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2021 06:18 AM
04-16-2021 06:18 AM
Re: iLO 5 Custom SSL Certificate - Is it possible to load certificate and key generated by your own
Yep just a +1 here. We've recently begun to deploy HPE boxes in scenarios where we need high clock rate chips our normal Cisco UCS doesn't have. We then of course ran smack into this issue when trying to determine how to deploy our public CA-issued wildcard cert that we use for infrastructure. Since we use public CA certs, AND these systems do not have internet connectivity, we're faced with the choice of what will be an absolute nightmare trying to order/issue/install a unique paid (i.e. $$) cert on every single server vs just pushing our wildcard in, or, downgrade the security on our management systems by instructing them to not validate certs. No, we don't use an internal Windows CA, we have no Windows in our environment, nor do we want to deploy a private CA and then worry about getting every other internal system to trust it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-20-2021 02:09 AM
04-20-2021 02:09 AM
Re: iLO 5 Custom SSL Certificate - Is it possible to load certificate and key generated by your own
Well, in my case we have 2 options:
1.- Create ourselves the private key and generate the certificate request. The company CA process it and give us the certificate.
2. We make the crs with the following constrains:
- Make a local copy of openssl.cnf and append the following lines to it:
[req] req_extensions = v3_req [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = host1.mycompany.com
- Run this command:
openssl req -new -subj "/CN=host1.mycompany.com" -out newcsr.csr -nodes -sha512 -newkey rsa:2048 -config openssl.cnf
The newcsr.csr file will contain the certificate request. We can upload the file or paste its contents in the textbox provided by our CA, including the header (---BEGIN CERTIFICATE REQUEST---) and the corresponding footer (---END CERTIFICATE REQUEST---). and they deliver the certificate.
The problem is that I cannot generate "exactly" like that in the ILO interface. When I try to left emply all the fields except the CN, ILO doens't let me go further because all the Country, State, etc. fields are emply.
If I fullfill all this information, the CA complains with: "The subject in the certificate signing request must only contain a CN" ...
Well.. completly blocked...
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-20-2021 02:32 PM
05-20-2021 02:32 PM
Re: iLO 5 Custom SSL Certificate - Is it possible to load certificate and key generated by your own
We attempted to upload out own custom certs directly into the iLO..... no luck. we had to create the iLO's own cert request, (FQDN & IP Address) (*.csr) upload into the system generating our custom cert, then take that *.cer and copy and paste the -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST-----.
Our certificate generation did strip away all the company data and insert its own. When the iLO imported the cert it properly displayed all the correct data for our organization entries.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2021 04:51 AM
08-09-2021 04:51 AM
Re: iLO 5 Custom SSL Certificate - Is it possible to load certificate and key generated by
In ILO 5 I did select Security -> SSL Certificate -> Customize Certificate -> here I did fill the form according to my company details afterwards -> Generate CSR
The trick did this instructions: https://phdops.kblin.org/hp-ilo-ssl-cert.html
This worked perfectly fine for me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-21-2021 07:30 AM
10-21-2021 07:30 AM
Re: iLO 5 Custom SSL Certificate - Is it possible to load certificate and key generated by
+100000
We really need to have a way of providing our own private keys and not having to manually create CSRs for every ILO.
It's also an issue when internal CAs don't normally provide certificates via CSR and provide directly a private key + certificate. I'm currently in this position so cannot actually install any certificate that's provided/approved by my internal CA.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2022 03:56 AM
11-09-2022 03:56 AM
Re: iLO 5 Custom SSL Certificate - Is it possible to load certificate and key generated by
Hi
Did anyone get to the final answer on this to whetehr or not you can import a wilcard cert into the iLO.
Currently I am on iLO5 (Version 2.72)
Apologies if I have missed the answer to this.
Thanks in advance
G
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2022 04:38 AM - edited 11-09-2022 04:38 AM
11-09-2022 04:38 AM - edited 11-09-2022 04:38 AM
Re: iLO 5 Custom SSL Certificate - Is it possible to load certificate and key generated by
You can't import any key/cert combo, let alone a wildcard. It sucks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2023 11:29 PM
01-31-2023 11:29 PM
Re: iLO 5 Custom SSL Certificate - Is it possible to load certificate and key generated by
it should be posible with new iLO 5 2.78 (December 2022) via Redfish
iLO 5 Redfish API Reference document (hewlettpackard.github.io)
- « Previous
-
- 1
- 2
- Next »