HPE Community
HPE OneView
1833323 Members
3279 Online
110051 Solutions
New Discussion

Re: HPE Oneview manage Certificates with Powershell

 
erki72
Frequent Advisor

Thursday

Thursday

HPE Oneview manage Certificates with Powershell

Hello there,

We are using HPE OneView to manage our ESXi VM hosts (ProLiant DL385 Gen10 Plus) and also use iLO within our company. To secure web access on iLO, we rely on a third-party certificate authority to issue web certificates.

Currently, generating the CSR and importing web certificates is done using PowerShell scripts, with the following modules:

  • HPEOneView.830
  • HPEiLOCmdlets

At the moment, I have to log in to each iLO individually to replace its web certificate.

I would like to know if it is possible to use the OneView REST API with Auth Token to update iLO web certificates automatically, without having to log in to each iLO manually every time.

Thanks for help

Reply
3 REPLIES 3
Supreeth_B
HPE Pro

Sunday - last edited Sunday

Sunday - last edited Sunday

Re: HPE Oneview manage Certificates with Powershell

Hi @erki72,

Yes, HPE OneView REST API can be used to automate the process of updating iLO web certificates for ProLiant servers. With the OneView REST API, you can interact with the iLO management interfaces of your hosts programmatically without logging into each iLO separately.

  1. Authenticate with OneView: Send a POST request to /rest/login-sessions with your OneView credentials to get an authentication token.
  2. Retrieve Server Hardware Details: Query /rest/server-hardware to get a list of servers and their ilo_IP_Address.
  3. Generate CSR: Use the HPE iLO RESTful API or PowerShell (HPEiLOCmdlets) to generate a Certificate Signing Request (CSR) for each iLO.
  4. Issue Certificates: Submit the CSR to your third-party certificate authority and obtain signed certificates.
  5. Update iLO Certificates: Use /rest/server-hardware/{id}/actions/update-ilo-certificate to upload the signed certificate to the iLO.

Hope this information has helped you, Please click on the "Thumbs Up/Kudo" icon as a token of appreciation. Also, if this post has helped to solve your issue, consider marking this as an "Accepted Solution".

Regards,
Supreeth.



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
gk2199
Visitor

yesterday

yesterday

Re: HPE Oneview manage Certificates with Powershell

Hi @Supreeth_B  ,

thanks for your reply, I am a colleague of @erki72 and working on same project.

To generate an iLO CSR, the solution you provided with HPEiLOCmdlets is already in use, but it requires logging in to each iLO separately via the iLO REST API.

If there is a way to log in to iLO using the OneView session, that would be very helpful. Do you know of any other solutions?

Thanks and regards,
Gibe

0 Kudos
Reply
ChrisLynch
HPE Pro

yesterday

yesterday

Re: HPE Oneview manage Certificates with Powershell

Yes, you can.  As long as the target server generations are Gen10 or newer.  You will need a combination of the following Cmdlets

  • Get-OVIloSso (from the HPE OneView PowerShell Cmdlets)
  • Connect-HPEiLO -XAuthToken
# Get an iLO REST auth connection from OneView
$OVServerIloSso = Get-OVServer -Name MyServersName | Get-OVIloSso -IloRestSession

# Create a new iLO Connection object using New-
$connection = Connect-HPEiLO -IP ([Uri]$OVServerIloSso.RootUri).DnsSafeHost -XAuthToken $OVServerIloSso.'X-Auth-Token' -DisableCertificateAuthentication

# Import your CA signed cert
Import-HPEiLOCertificate -Connection $connection

 

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.