Server Management - Remote Server Management

iLO3 RIBCL for Custom CSR

Occasional Visitor

iLO3 RIBCL for Custom CSR

The CSR_CERT_SETTINGS RIBCL command under RIB_INFO is supposed to allow for changing SSL certificate request information.  They're documented in a May 2011 edition of the iLO Scripting and Command Line Resource Guide and workS great on an iLO2 processor with firmware of 2.06.


These commands all fail on iLO3 with 1.25 firmware however with an error mesasge of 'Feature not supported'.  I'm really hoping this is a bug in the firmware and not that the commands were depricated, they're extremely useful in large scale deployments and standard configurations.


The set in particular is:


<RIB_INFO MODE="write">












Brett Merrick
Occasional Contributor

Re: iLO3 RIBCL for Custom CSR

Upgraded to iLO3 v 1.25 and now it produces a 2048bit CSR,


However when you upload the replacement certificate it either rejects a certificate that doesn't match, or it accepts the certificate, reboots and then dishes up the old self signed cert.....


Occasional Visitor

Re: iLO3 RIBCL for Custom CSR

In the scripting I've done thus far, it seems that the call to generate a CSR is synchronous when on iLO 2 and earlier management processors.  This does not seem to be the case for iLO3 at firmware version 1.25.  It seems that the call becomes asynchronous, which in my opinion defeats the purpose of making CSR generation scriptable.


Is there an option documented or not that needs to be presented to iLO 3's?  Here is a sample of the RIBCL I use:



  <LOGIN USER_LOGIN="admin" PASSWORD="password">

    <RIB_INFO MODE="write">




The response I get from iLO 2 and earlier is the CSR encased in the RIBCL syntax.  On iLO 3, instead of the CSR I'm expecting, I instead get a reply that the CSR is in process of being generated.  I receive a similar respnose in the web GUI.  Although I don't really understand why there is a difference between iLO versions, if I request a CSR I should get one, not a notice to check back later.


On a related note, the custom CSR creation works on iLO 2 (2.06), but on iLO 3 1.25 it never worked.  I'd wait hours for the CSR generation and not get it when specifying locale information consistent with my certificate hierarchy.  If I left the defaults for C=US, ST=Texas, L=Houston, etc., the CSR generation would however work however.  It does at least properly use the FQDN for the CN in the CSR.