HPE OneView

Possibility to change multiple iLO certificates in a OneView environment

 
micke_christen
Advisor


Hi!

Is there some way to exchange the iLO self-signed certificates for CA-signed ones in a OneView environment?
I see it in three steps:
* Take out a certificate signing request for all iLOs.
* Change all certificates in all iLOs.
* Change the trusted certificate in OneView for all iLOs.

Is there some way to automate this? REST API?
First to iLO and then to OneView.

BR
/MIkael

Micke_Christenson
T_1_6
Regular Advisor

Re: Possibility to change multiple iLO certificates in a OneView environment

Yes there is, and I do it using PowerShell. It is very raw and basic as I did not have much time, but this will get you going.

You will also need to download the HPE iLO cmdlets. You can see here what this does for, say, a cluster of 30 nodes; you will adjust for your own environment. For OneView you simply need to import your root CA cert for OneView to trust your own PKI infrastructure.

#Credentials for the iLO accounts (prompted once, reused for every connection)
$cred = Get-Credential

#Request iLO CSR Generation
#Note: "xxesxi0$i" expands to xxesxi01..xxesxi09 and then xxesxi010..xxesxi030; adjust the pattern to your own host names
foreach($i in 1..30){
    Write-Host "requesting for host xxesxi0$i-ilo"
    #-DisableCertificateAuthentication is used here because the iLOs still present their self-signed certificates
    New-Variable -name "conn_xxesxi0$i" -force -Value (Connect-HPEiLO -Credential $cred -IP xxesxi0$i-ilo.xxx.xxx.domain -DisableCertificateAuthentication)
    Start-HPEiLOCertificateSigningRequest -Connection (Get-Variable -valueonly -name "conn_xxesxi0$i") -City xxxxxx -CommonName xxesxi0$i-ilo.xxx.xxx.domain -Country GB -Organization "xxxxxxxx" -State "xxxxxxx" -OrganizationalUnit xxxxx
}

#Wait for CSRs to finish generating
Write-Host "Waiting for CSRs to Generate on iLOs.."
Start-Sleep -s 120

#Go back and grab CSRs and export to file
foreach($i in 1..30){
    Write-Host "saving CSR for xxesxi0$i-ilo"
    $ilocsr = Get-HPEiLOCertificateSigningRequest -Connection (Get-Variable -valueonly -name "conn_xxesxi0$i")
    $ilocsr.CertificateSigningRequest | Out-File ./xxesxi0$i-ilo.csr -width 64 -Encoding ascii
}

#request certificates from AD
#certreq submits each CSR to the CA named in -config, using the certificate template given in -attrib
foreach($i in 1..30){
    Write-Host "Requesting Cert from AD for xxesxi0$i"
    certreq -config yourcertserver\yourcertserver-CA -attrib "CertificateTemplate:HPiLOCertificate" ./xxesxi0$i-ilo.csr ./xxesxi0$i-ilo.cer
}

#Set certificates on iLOs
foreach($i in 1..30){
    $cert = get-content -Path ./xxesxi0$i-ilo.cer -Raw -Force
    Import-HPEiLOCertificate -Connection (Get-Variable -valueonly -name "conn_xxesxi0$i") -Certificate $cert -Verbose
}
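
A post-change check for the procedure in the reply above, as an added example that is not part of the thread or of the HPE cmdlets: once the iLOs are reachable again after the import, it fetches the certificate each one presents on port 443 and reports any that are still self-signed, do not chain to a CA the local machine trusts, or carry the wrong name. Assumptions: the function name `Test-IloCertificate` is hypothetical, the host names repeat the reply's placeholder pattern, and the machine running it already trusts your root CA.

```powershell
# Added example: Test-IloCertificate is a hypothetical helper, not an HPE cmdlet.
function Test-IloCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate during the handshake so it can be inspected;
        # no data is sent on this connection and trust is evaluated below.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Dispose()
    }
    finally { $tcp.Close() }

    # Build the chain against the local trust stores, as a normal TLS client would.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)
    # DnsName returns the certificate's DNS subject alternative name, or the CN if there is none.
    $dnsName = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

    [pscustomobject]@{
        Host       = $HostName
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        NameMatch  = ($dnsName -eq $HostName)
        Trusted    = $trusted
        ChainError = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
}

# Host names follow the placeholder pattern used in the reply; adjust to your environment.
$results = foreach ($i in 1..30) {
    $name = "xxesxi0$i-ilo.xxx.xxx.domain"
    try { Test-IloCertificate -HostName $name }
    catch { [pscustomobject]@{ Host = $name; Trusted = $false; ChainError = $_.Exception.Message } }
}

# List only the iLOs that still need attention.
$results | Where-Object { -not $_.Trusted -or $_.SelfSigned -or -not $_.NameMatch } |
    Format-Table Host, Issuer, ChainError
```

An empty table means every iLO presents a trusted, correctly named certificate, so later connections no longer need `-DisableCertificateAuthentication`.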