- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- ILO2 refuse to import somes X509 certificates
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2013 06:50 AM
01-19-2013 06:50 AM
ILO2 refuse to import somes X509 certificates
Hello ,
I generate a csr for my server . I generate 2 certficate form the same csr via 2 CA .
When i use a instantssl.com pki i can import the certficate
When i use startssl.com pki , i can not import the certificate .
When i extract with openssl information from certificates i have :
from startssl.com
Subject: description=kk5U45Jfhfy8CV4S, C=FR, CN=srv435.mngt.mydom.fr/emailAddress=tech@mydom.fr
from instantssl.com
Subject: OU=Domain Control Validated, OU=Free SSL, CN=srv435.mngt.mydom.fr
has someone a workaround for using startssl.com pki ?
the error i have from the web interface
The Certificate could not be imported from the supplied X.509 Certificate data.
The Common name on the certificate does not match the DNS name of Integrated Lights-Out. Make sure that the X.509 Certificate data was intended for this Integrated Lights-Out.
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2013 06:53 AM
01-22-2013 06:53 AM
Re: ILO2 refuse to import somes X509 certificates
I bet that if the "/emailAddress=tech@mydom.fr" portion is removed from the CN, it will work.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 10:10 AM
01-23-2013 10:10 AM
Re: ILO2 refuse to import somes X509 certificates
from: http://stackoverflow.com/questions/6464129/certificate-subject-x-509
emailAddress can be in the subject field of x509 certificate .
It's a bug in ilo implementation :(
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2013 06:51 AM
01-24-2013 06:51 AM
Re: ILO2 refuse to import somes X509 certificates
It says the emailAddress attribute is deprecated. Use altName extension instead.
http://www.oid-info.com/get/1.2.840.113549.1.9.1
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2013 05:57 AM
01-27-2013 05:57 AM
Re: ILO2 refuse to import somes X509 certificates
From RFC the usage of field is deprecated but permitted .
See end of chapter 4.1.2.6 Subject from ( http://www.ietf.org/rfc/rfc5280.txt )
Conforming implementations generating new certificates with electronic mail addresses MUST use the rfc822Name in the subject alternative name extension (Section 4.2.1.6) to describe such identities. Simultaneous inclusion of the emailAddress attribute in the subject distinguished name to support legacy implementations is deprecated but permitted.