HPE Community
ProLiant Servers (ML,DL,SL)
1822549 Members
2825 Online
109642 Solutions
New Discussion

ILO4 FW 2.55 - "The Self-signed SSL certificate can now be regenerated"

 
Gyro77
Frequent Visitor

‎02-08-2018 05:20 PM

‎02-08-2018 05:20 PM

ILO4 FW 2.55 - "The Self-signed SSL certificate can now be regenerated"

Noticed this addition to the 2.55 ILO4 firmware release, thought I would give it a go in a few of our test labs where we don't bother with CA issued certs, but I don't see any new buttons or features in the ILO Web Inerface to initiate this "regeneration".  I checked in the RBSU and didn't see anything there, nor in the F8 menu at boot time.  I haven't ssh'd in to check there yet.  Just figured I would ask here:  Anyone figured out how this gets done?  Link to relevant release here:

https://support.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1009143853&swItemId=MTX_6325ea9b58fd4191abac45a154&swEnvOid=4184#tab2

 

0 Kudos
Reply
3 REPLIES 3
Suman_1978
HPE Pro

‎03-01-2018 06:18 AM

‎03-01-2018 06:18 AM

Re: ILO4 FW 2.55 - "The Self-signed SSL certificate can now be regenerated"

Hi,

I came across this advisory which hints on regenarating Self-signed SSL certificate.
https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null&docLocale=en_US&docId=emr_na-a00042194en_us

NOTE: iLO generates a new self-signed SSL certificate when iLO is reset to factory defaults or when the iLO hostname is changed.

Also see this community thread.
https://community.hpe.com/t5/HPE-OneView/HP-Oneview-4-0-upgrade-Issues/td-p/6992348

Thank You!
I am a HPE employee
_________________________________________
Was the post useful? Click on the white KUDOS! Thumb below.  Kudos is a way of saying thank you to a post.
// Useful Links for ProLiant Servers / Community FAQ / Rules of Participation / Servers Blog //



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
spills737
Occasional Visitor

‎08-15-2018 09:20 AM

‎08-15-2018 09:20 AM

Re: ILO4 FW 2.55 - "The Self-signed SSL certificate can now be regenerated"

Firmware v2.60 makes regenerating a new self signed cert much easier now.   Under Administration/Security/SSL Certificate - a 'Remove' button now exists.   Removing the cert and resetting the iLO auto generates a new self signed cert.

0 Kudos
Reply
glycerin
Visitor

‎12-20-2024 03:23 AM

‎12-20-2024 03:23 AM

Re: ILO4 FW 2.55 - "The Self-signed SSL certificate can now be regenerated"

I wonder if it is possible to generate, extrernally, a brand new self-signed certificate for an iLo4 card.

In this case the firmware release is 2.82 Feb 06 2023.

These are the steps done

openssl req -x509 \
-sha256 -days 7200 \
-nodes \
-newkey rsa:4096 \
-subj "/CN=xxxxxxxxxxxxxx/C=US/L=Houston" \
-keyout rootCA.key -out rootCA.crt
openssl x509 -req -in iLo.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out iLo.crt -days 7200

Everytime that I load this certificate I receive this message.

Without any specific indication about the Error.

Any hints?

 

Error: The Certificate could not be imported from the supplied X.509 Certificate data.

Verify the following:
- The input text was base64-encoded X.509 certificate data.
- The provided certificate data was intended for this server (not another server).

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.