Servers - General
cancel
Showing results for 
Search instead for 
Did you mean: 

HP IP KVM - Certificate

 
JCarvalho
Occasional Visitor

HP IP KVM - Certificate

Hi,

I have and old AF601A - HP 2x1x16 IP Console Switch with Virtual Media. I just upgraded it to the last 2013 firmware, because I boughth USB adaptars that require this firmware.

The problem is that this release uses a new web interface, and the ssl certificate is expired. I've tried to install a new self-signed, 3rd party signed, etc certificate, but without success.

If I just update the internal certificate, I have problems because the HP certificate is not issued by a recognized authority. Since now the console coneections are java based, nothing works until I get a working certificate.

Can someone help with this?

 

Thanks

JP

2 REPLIES 2
BH-MNGI
Occasional Visitor

Re: HP IP KVM - Certificate

Hey JP,

I didn't have any luck adding a self-signed certificate and just applied a new cert using the Tools -> Install Web Server Certificate option using the fields.  The cert is still invalid due to the root CA missing, but when I followed the steps in the URL below I was able to access the KVM. 

https://xiaoxiaoke.wordpress.com/2015/10/06/changing-java-security-restriction-for-network-connect-error-issue-in-kvm/

Once I updated the Java client, added the exception for the KVM and made the change to the security file I was able to launch the links and see the console screens using IE 11 on a Windows 7 computer. 

JCarvalho
Occasional Visitor

Re: HP IP KVM - Certificate

Hi,

After much time trying diferent things I was able to add a self-signed certificate. Here are the steps (done against our Windows CA Authority)

1 - Generate Request and PrivateKey

openssl req -newkey rsa:2048 -keyout serverprvkey.pem -nodes -sha1 -days 1095 -out server.req

2 - Generate certificate against CA

certreq -attrib "CertificateTemplate:WebServer"

3 - convert BEGIN PRIVATE KEY to BEGIN RSA PRIVATE KEY)

openssl rsa -in server2prvkey.pem -out server2_newkey.pem

4 - copy paste rsa key to cert

5 - upload to kvm

The problem is that it works ok when you access the KVM throw the browser. The certificate is valid and all is ok. But since the new firware uses JAVA to remote connect, when you try to connect the JAVA window shows the old certificate.

I don't understant why. Using http/http the browser is serverd with the new certificate. When JAVA connects it shows the old certificate that is not valid.

Regards

JP