HPE Community
ProLiant Servers (ML,DL,SL)
1819931 Members
3098 Online
109607 Solutions
New Discussion

ILO Powershell cmdlets - Import-HPiLOCertificate not successful

 
NWMrTim
Occasional Visitor

‎04-26-2016 02:57 PM - edited ‎04-27-2016 01:34 PM

‎04-26-2016 02:57 PM - edited ‎04-27-2016 01:34 PM

ILO Powershell cmdlets - Import-HPiLOCertificate not successful

Good afternoon,

I installed the ILO powershell cmdlets, and am very excited that I can start automating management of numerous ILOs using powershell.

The first thing I did was generate a bunch of Certificates, but hit a snag when I went to import them with the "Import-HPiLOCertificate" cmdlet.  I kept getting an error saying "invalid common name" when attempting to import certificates.

Checklist:

the ILO FQDNs are entered into DNS with the correct IP address. format is HOSTNAME-ilo.domain.local

these are DL360 Gen 9, and there are 4 places you must designate "the network name" of the ILO, and I double and triple checked that all are entered correctly and the same (even upper and lower case for that matter)

the "Get-HPiLOCertificateSigningRequest" powershell cmdlet worked flawlessly to create the certificate request files (.CSR or .REQ) other than I have to write in a delay to check if status has completed generating the cert - it takes a minute or two even if you click the button in the GUI.

I have a script that signs the certificates in the CA against what is in DNS.  signing works for other services (like SCOM and SCCM) and I can manually sign them as well.

Manually importing by logging into the ILO and copy / paste in the certificate dialog box works without a problem.

has anyone else encountered this?

Thanks!

Tim

Code: (simplified for this post, but will work as is)

$creds= Get-Credential Administrator

$servers = (Get-Content ILOlist.txt)   #local txt file with short names like  HOSTNAME-ilo
foreach ($server in $servers)
{
  $ILOCSR = Get-HPiLOCertificateSigningRequest -Server $server -credential $creds

  $ILOCSR.CERTIFICATE_SIGNING_REQUEST  | Out-File C:\temp\Certs\ILO\$server.req -width 64 -Encoding ascii

 }

0 Kudos
Reply
4 REPLIES 4
GokulKS
HPE Pro

‎06-14-2016 04:02 AM

‎06-14-2016 04:02 AM

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

Hi,

Can you send me the the Import-HPiLOCertificate cmdlet you executed with parameters and its output with PoewrShell envirnoment details.

HPE PowerShell Team

Gokul


I am a HPE Employee

Accept or Kudo

0 Kudos
Reply
NWMrTim
Occasional Visitor

‎06-22-2016 10:45 AM - edited ‎06-22-2016 11:03 AM

‎06-22-2016 10:45 AM - edited ‎06-22-2016 11:03 AM

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

OK so the first script was requesting the cert .REQ files, which then get signed (and I need to add a timing loop to that one)

after they get signed I put them in a folder, and this script reads the server's certificate file name, and imports based on what is present in the folder "C:\temp\certs\ILO"

$creds = Get-Credential Administrator  # prompts for password

$servers = (Get-Childitem  C:\temp\Certs\ILO\*.cer).basename
foreach ($server in $servers)
{
     Import-HPiLOCertificate -server $server -Credential $creds -Certificate (Get-Content C:\temp\Certs\ILO\$server.cer) -force
     write-host "Success for $server..."  # more of a place holder to indicate progress...

}

 

This would all work perfectly except it says:  "Error - bad common name"

in DNS the server is added as  "hostname" (like hostname.domain.local), and the name of the ILO is added like: "hostname-ilo" (so fqdn would be hostname-ilo.domain.local)

In the ILO Ihave noticed there are 4 places to put the "Name" of the ILO, and one is labeled "Server"  so I dont know what name format needs to go where to get the certificate to match up.  I would love to be able to cycle through and rename all 4 of those fields, but I  need to use "Set-HPILOServerName" and "Set-HPILONetworkSetting -Server $server -DNSName ($server + "-ilo"), and I dont think that covers renaming the ILO.  suggestions??

So how can I name the ILOs properly so that when I generate Certificates, I can import the without a "bad common name" error?

 

Thanks

0 Kudos
Reply
GokulKS
HPE Pro

‎07-01-2016 02:36 AM

‎07-01-2016 02:36 AM

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

Hi,

I think i got your problem its not the issue with servername or iLO hostname which is causing certificate import failing.

Problem is with get-content not using -Raw. Once you add that into your script and read the content from .cer file then

you don't hit the issue Invalid certificate common name.

$cert1 = get-content -Path C:\Users\user1\Desktop\certnew_for_165.cer -Raw

Import-HPiLOCertificate -server $server -Credential $cred -Certificate $cert -DisableCertificateAuthentication -Verbose

Let me know if this helps.

Thanks,

Gokul

HPE PowerShell Team

 


I am a HPE Employee

Accept or Kudo

Reply
LS_ger
Occasional Advisor

‎06-23-2020 05:37 AM

‎06-23-2020 05:37 AM

Re: ILO Powershell cmdlets - Import-HPiLOCertificate not successful

Don't know about the OP, but it worked for me and saved me from running into the same issue.

Thanks !

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.