ProLiant Servers (ML,DL,SL)
1748066 Members
5389 Online
108758 Solutions
New Discussion

Re: Intermediate CA certificates

 
alexvandenzel
New Member

Intermediate CA certificates

Hi,

In our (very large) organisation we have a private CA setup for all our internal web-interfaces (security policy). Now it seems the ILO4 on our very new DL380 Gen9 is not able to handle the intermediate CA certificates. Which is more or less mandatory for webservers.

I propose a feature, where it is possible to add intermediate CA certificates, or a certificate chain file (all certificates concatenated). So probably more memory is needed in the ILO system., but memory is cheap nowadays.

Regards,

Alex.

6 REPLIES 6
Jimmy Vance
HPE Pro

Re: Intermediate CA certificates


@alexvandenzel wrote:

Hi,

In our (very large) organisation we have a private CA setup for all our internal web-interfaces (security policy). Now it seems the ILO4 on our very new DL380 Gen9 is not able to handle the intermediate CA certificates. Which is more or less mandatory for webservers.

I propose a feature, where it is possible to add intermediate CA certificates, or a certificate chain file (all certificates concatenated). So probably more memory is needed in the ILO system., but memory is cheap nowadays.

Regards,

Alex.


I've passed your enhancement request on the the iLO team.

For now you can install the intermediate CA certificate in the browser, so that both the intermediate CA and the iLO Cert are available during the SSL handshake and the chain can be completed normally. This is inconvenient, but it works.

 

No support by private messages. Please ask the forum! 
KeithL
New Member

Re: Intermediate CA certificates

Did this feature enhancement ever go anywhere?   I could use it too for SSL/TLS certificate validation where I need to have the iLO send the whole certificate chain :   cert->intermediate->root.

vbezhenar
Occasional Advisor

Re: Intermediate CA certificates

I'd like to add my vote as well. I can't properly use letsencrypt certificate because of this issue. Actually automatic support of letsencrypt would be just awesome, but at least intermediate certificates should work as well.

ebarrere
New Member

Re: Intermediate CA certificates

+1

Speeddymon
Occasional Advisor

Re: Intermediate CA certificates

Bump...

We also have a private CA. In addition, we have a requirement for our Qualys security scanners to be able to validate our privately signed certificates from our enterprise trusted root, but we have no way to install the root and intermediate certificates within those scanners, and so we require to be able to upload a CA bundle into the iLO.

otbncmek
Occasional Visitor

Re: Intermediate CA certificates

I'm experiencing the same issue.