I got asked over PM if there was any solution for this. I am afraid not, our Feature Request is still not fullfilled, but it is still open. There could be an workarround for these using Microsoft CA and where the EDITF_ATTRIBUTESUBJECTALTNAME2 is enabled.
Create CSR with iLO5 with all the Fields it currently allows us (i am using csv with Column "iLOHostname" and "iLOIP" :
$connection = Connect-HPEiLO -Credential $credential -IP $ilofqdn.iLOHostname -Timeout 200 -DisableCertificateAuthentication
Start-HPEiLOCertificateSigningRequest -Connection $connection -City <City> -CommonName $ilofqdn.iLOHostname -Country <country> -Organization <organisation> -State <state> -OrganizationalUnit IT -IncludeiLOIP
get your CSR (i put pause for 60 sec in my script, to let CSR be created):
$output = Get-HPEiLOCertificateSigningRequest -Connection $connection
$output.CertificateSigningRequest | Out-File "$scriptpath\csr\$ilofqdn.iLOHostname.csr" -Encoding ascii -Force
then submit the CSR with additional parameters to Microsoft CA by using this command line tool:
# you need to define all variable yourself or just type them in request.
$certreq = 'c:\Windows\System32\certreq.exe -submit -config $certificateserver -attrib "SAN:dns=$srvILO&dns=$shorthost&dns=$dnssrvilo&IPAddress=$dnssrvilo" -attrib "CertificateTemplate:$certificatetemplate" "$scriptpath\csr\$ilofqdn.iLOHostname.csr"'
You will get as output an ID which you can provide to your CA Admin to issue it, after that you can grab your certificate
$certretrieve = 'certreq.exe -retrieve -config $certificateserver $_.RequestId "$scriptpath\cert\$shorthost.crt"'
Finaly import it to iLO5
$cert1 = Get-Content -Path "$scriptpath\cert\$shorthost.crt" -Raw
# Base64-encoded X.509 certificate
$StatusInfo = Import-HPEiLOCertificate -Connection $connection -Certificate $cert1
Hopes this help someone in future.
