HPE Community
BladeSystem - General
1819931 Members
3071 Online
109607 Solutions
New Discussion

Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

 
SOLVED
Go to solution
Steve_Tippett
Frequent Advisor

‎05-18-2018 11:27 AM

‎05-18-2018 11:27 AM

Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

I have 200 c7000 enclosures and need to get valid SSL certificates installed on them via Powershell.  Generating the .csr file is working fine via Powershell.

But when I try to use the Add-HPOACertificate command (from the HPOAcmdlets module) to install the .cer file, I get an error.  My .cer file is legit - I can browse to the OA GUI and paste the file contents in - the OA resets and then I can see my new certificate.   But when I try scripting the install using the Add-HPOACertificate command, it quickly returns the error "The CA certificate is invalid." 

Here are the 2 key lines in the Powershell script:

$Target_Cert = Get-Content $Certificate_File -Raw

$Result = Add-HPOACertificate -Connection $Target_OA -Type CA -Certificate $Target_Cert

When I display the contents of $Target_Cert it looks good, and piping it thru Get-Member confirms the data type is String.

 

0 Kudos
Reply
10 REPLIES 10
GZahidi
Advisor

‎05-24-2018 10:56 PM

‎05-24-2018 10:56 PM

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hi Steve,

 

Which OA firmware version are you using ?


I am a HPE Employee
0 Kudos
Reply
Steve_Tippett
Frequent Advisor

‎05-25-2018 05:55 PM - last edited on ‎05-28-2018 01:20 AM by

‎05-25-2018 05:55 PM - last edited on ‎05-28-2018 01:20 AM by

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Firmware 4.80 is installed across our fleet.
Thank you.


Sent with BlackBerry Work

0 Kudos
Reply
GZahidi
Advisor

‎05-29-2018 12:06 AM

‎05-29-2018 12:06 AM

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hi,

You can not add SSL certificate through Cmdlet. You need to do it through Web login.

Though you can get the SSL certificate info by using Cmdlet Get-HPEOAcertificate -Type OA .

In your case you are adding SSL certificate and trying to Add certifcate as CA certificate, becuase of this  you are getting error as invalid certificate.


I am a HPE Employee
0 Kudos
Reply
GZahidi
Advisor

‎06-28-2018 10:41 PM

‎06-28-2018 10:41 PM

Solution

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Use the following cmdlet to import SSL certificate to OA

Start-HPOACertificateDownload -Connection $connection -Type OA -URL ftp://10.12.23.17/cer_southking/ldap_southking.cer -Bay <<Bay number of OA where you want to import certificate>>

 You need to store the certificate at ftp server and specify the full path of the certificate as URL in the cmldet.

Note :- If you do not specify the Onboard Administrator bay number, the certificate is downloaded to the current (Active) Onboard Administrator.


I am a HPE Employee
0 Kudos
Reply
Steve_Tippett
Frequent Advisor

‎06-29-2018 09:37 AM

‎06-29-2018 09:37 AM

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

It's working now - thanks for the valuable advice!

0 Kudos
Reply
Sam2018
Visitor

‎08-28-2018 02:44 PM

‎08-28-2018 02:44 PM

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

We cannot use FTP server in our company, please is there an alternative?

0 Kudos
Reply
Steve_Tippett
Frequent Advisor

‎08-29-2018 06:44 AM

‎08-29-2018 06:44 AM

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hello Sam,

I successfully used a TFTP server that I downloaded and installed to my workstation.  Get it at http://tftpd32.jounin.net.

Here's the pertinent Powershell code:

        $URL = "tftp://" + $WorkstationIP_Address + "/" + $Bay1_Certificate_File
        Write-Host " Beginning certificate download to" $Target_FQDN -ForegroundColor Cyan
        $Result = Start-HPOACertificateDownload -Connection $Target_OA -Type OA -Bay 1 -URL $URL
        IF ($Result.StatusType -eq "Error")
            {
            Write-Host $Result.StatusMessage " Press Enter to continue" -ForegroundColor Red
            [console]::Beep(999,2000)
            Read-Host
            }
        ELSE
            {
            Write-Host $Result.StatusMessage " Process will now sleep for 3 minutes." -ForegroundColor Cyan
            Sleep -Seconds 180
            }

0 Kudos
Reply
Sam2018
Visitor

‎08-30-2018 08:42 AM

‎08-30-2018 08:42 AM

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Hello Steve,

Thanks a lot for providing the TFTP alternative. Unfortunately, I cannot use this either. Please is there an option to use a share (\\server\file) or a local file (c:\file)?

0 Kudos
Reply
Steve_Tippett
Frequent Advisor

‎08-30-2018 09:46 AM

‎08-30-2018 09:46 AM

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Well, you could read the documentation to see if there are options that suit your situation. And, you didn't explain why you cannot install a TFTP client on your own workstation.
0 Kudos
Reply
Sam2018
Visitor

‎08-30-2018 10:45 AM

‎08-30-2018 10:45 AM

Re: Powershell cmdlet to install a CA certificate on c7000 Onboard Administrator

Thank you for your help. We have a very strict security policy so I cannot use FTP or TFTP, not even on my workstation. I have checked the documentation before posting here but it only mentioned the "-url" option using a protocal (example: FTP). I just wanted to check if there is a way for this to work which would save me replacing the certificate manually on all c7000s.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.