Servers - General

iLO 4 Import SSL Certificate

 
Rick_Meyer
Occasional Contributor

iLO 4 Import SSL Certificate

I am trying to import a self certified SSL certificate that I created from the CSR that our iLO 4 provided.

The import errors with :

Error: The Certificate could not be imported from the supplied X.509 Certificate data.

Verify the following:

  • The input text was base64-encoded X.509 certificate data.
  • The provided certificate data was intended for this server (not another server).

It won't provide any more information about what specifically is wrong though.

I did read somewhere that if I'm using a self certified cert that I would have to add the bogus CA authority to the keystore. Is that true? Is there any way of doing that from within the iLO web interface? The client I am working for does not have a license key to enable the advanced features, which is needed to launch the Java Remote Console.

If there should be no problems with using a self certified cert, then how can I tell what the problem might be?

Thanks,

Rick Meyer

4 REPLIES 4
Rick_Meyer
Occasional Contributor

Re: iLO 4 Import SSL Certificate

BTW, here is where I found the comment about having to add the bogus CA to the root CA store:

https://serverfault.com/questions/922517/how-to-selfsign-an-ssl-certificate-for-hpe-integrated-lights-out-ilo-5

One other question I have is is there a limit to the # of days to assign the key to be valid? I gave it a very high number, but perhaps that is the issue?

 

Anu_K
HPE Pro

Re: iLO 4 Import SSL Certificate

Hello,

Regarding your initial query, I found a similar post and the suggestion may help you to fix the issue : https://community.hpe.com/t5/ProLiant-Servers-ML-DL-SL/iLO4-FW-version-2-55-SSL-certificate-import-errors/td-p/7003857#.YK-hmqgzaMo

 

Note: "While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company."
 
I am an HPE Employee

Accept or Kudo

Rick_Meyer
Occasional Contributor

Re: iLO 4 Import SSL Certificate

Sorry that did not help. I suspect that my problem is that I cannot use a self signed cert unless I can manually add it to the jvm's keystore. Is that something that can be done through the Java remote console? Better yet, is there a way to get access to a bash shell on the device?

 

SanjeevGoyal
HPE Pro

Re: iLO 4 Import SSL Certificate

Hello,

I would suggest follow below points

1. Please check in the Certification Authority if it has been set to allow the Subject on the signed SSL Certificate to match the iLO Name.
2. The ILO Hostname should match with the CN Name on the Certificate generated. Please check for iLO Hostname on the Information→Overview page in iLO.
3. The size of the certificate should not exceed more than 3KB.
4. The certificate is generated as a base 64-encoded X.509 certificate, and is in the RAW format.
5. The first and last lines are included in the certificate.
6. After installing Restart iLO.

Make sure ILO4 should be updated with the latest firmware.

If you feel this was helpful please click the KUDOS! thumb below!   
Regards,


I am a HPE Employee

Accept or Kudo