
iLO Directory CA certificate issue - no AD login possible

 
lulu62
Occasional Contributor


Hello All,

I (mistakenly) imported a domain controller AD certificate in the iLO of one of my servers (DL380p G8, iLO 4 2.61).

Security > Directory > scroll all the way down, Certificate Status > Import

And now AD authentication doesn't work anymore.

There is very, very little documentation about this "Directory Server CA Certificate" online.

The only information I have is from the iLO's help itself:

 

[...]
9. Optional: Import a new CA certificate.

a. Click Import in the Certificate Status text box.

b. Paste the Base64-encoded X.509 certificate data into the Import Certificate window, and then click Import.

10. Optional: Replace an existing CA certificate.

a. Click View in the Certificate Status text box.

b. Click New in the Certificate Details window.

c. Paste the Base64-encoded X.509 certificate data into the Import Certificate window, and then click Import.

11. To test the communication between the directory server and iLO, click Test Settings.

[...]

Directory Server CA Certificate

During LDAP authentication, iLO validates the directory server certificate if the CA certificate is already imported. For successful certificate validation, make sure that you import the correct CA certificate. If certificate validation fails, iLO login is denied and an iLO event is logged. If no CA certificate is imported, the directory server certificate validation step is skipped.

To verify SSL communication between the directory server and iLO, click Test Settings.

 

I'm now trying to delete this imported certificate, but I can't manage to find how to do that.
Nowhere in the iLO do you have the option to delete this certificate; you can only import another one.
I've tried to reset the iLO to factory defaults, but the certificate remains.
The CLI doesn't give me the option to delete the certificate either.

It used to work without certificate, and as mentioned in the iLO's help:

If no CA certificate is imported, the directory server certificate validation step is skipped.

However, now that there's a certificate, the directory server certificate validation is always checking the imported certificate, which obviously doesn't work, and AD auth. fails.

I'd like to roll back to the previous config where there was no certificate. Does anyone know how to do this?
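
A pre-import check for the validation behaviour described in the iLO help text quoted in the post above, added here as an example that is not part of the original thread or of HPE's documentation. It uses OpenSSL chain validation as a stand-in for iLO's own check (an assumption) and runs on constructed sample certificates; the function names and the `dc01.example.test` host name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: check a certificate before importing it as the iLO
# "Directory Server CA Certificate". OpenSSL's chain validation stands in
# for iLO's own check (assumption). All certificates here are constructed.

# $1 = candidate CA (PEM), $2 = directory server's LDAPS certificate (PEM),
# e.g. saved from: openssl s_client -connect <dc-host>:636 -showcerts </dev/null
# Returns 0 = usable, 1 = not a CA certificate, 2 = CA did not issue $2.
check_directory_ca() {
    local candidate="$1" server_cert="$2"
    if ! openssl x509 -in "$candidate" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
        echo "reject: $candidate is not a CA certificate (no basicConstraints CA:TRUE)"
        return 1
    fi
    if ! openssl verify -CAfile "$candidate" "$server_cert" >/dev/null 2>&1; then
        echo "reject: $candidate did not issue $server_cert"
        return 2
    fi
    echo "ok: $candidate validates $server_cert"
}

# Constructed samples: an issuing CA, a DC certificate it signs, an unrelated CA.
make_samples() {
    local d="$1" name
    for name in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example $name CA" \
            -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc01.example.test" \
        -keyout "$d/dc.key" -out "$d/dc.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/dc.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/dc.pem" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
check_directory_ca "$demo_dir/ca.pem" "$demo_dir/dc.pem"            # issuing CA
check_directory_ca "$demo_dir/dc.pem" "$demo_dir/dc.pem" || true    # server cert itself
check_directory_ca "$demo_dir/other.pem" "$demo_dir/dc.pem" || true # wrong CA
rm -rf "$demo_dir"
```

Running the check against the real directory server certificate before clicking Import shows whether the candidate would pass chain validation under OpenSSL's rules.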

Bunsol
HPE Pro

Re: iLO Directory CA certificate issue - no AD login possible

Hi Lulu,

If you have performed a reset of the iLO from the iLO itself, then it is not a factory reset. Please use the Intelligent Provisioning>Perform Maintenance>ILO configuration>Reset>Factory Reset to perform the factory reset. But please make sure that you back up/copy all the license and necessary information.

If the issue persists, then contact us by logging a case on the portal below:

https://support.hpe.com/hpesc/public/home

 

Regards,

Bunsol.

I am an HPE employee