
Re: Query: hponcfg set encryption level

 
BradV
Esteemed Contributor

hponcfg set encryption level

I've been searching, but have not found it.  Is it possible to use hponcfg to change the iLO 5 encryption level?

support_s
System Recommended

Query: hponcfg set encryption level

System recommended content:

1. NonStop Volume Level Encryption (NSVLE) Guide

 


BradV
Esteemed Contributor

Re: Query: hponcfg set encryption level

I'm not sure what nonstop volume is?  I assume a storage device?  I am asking about ProLiant DL Gen 10 iLO encryption level.

Suman_1978
HPE Pro

Re: Query: hponcfg set encryption level

Hi @BradV 

Can you please be more specific, like, what encryption level do you want to set?
iLO 5 comes with the following security states:
Production, High Security, FIPS and CNSA
HPE iLO 5 Security Technology Brief

You may refer to HPE iLO 5 Scripting and Command Line Guide, Page# 156 for a FIPS example.

Thank You!
I work with HPE but opinions expressed here are mine.
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
BradV
Esteemed Contributor

Re: Query: hponcfg set encryption level

Yes, I am aware of the various encryption levels.  Page 156 only shows how to retrieve if the iLO is in FIPS mode.  We run all of our servers in high security.  I know how to use the iLO REST API to retrieve/set this information, but we have one server on which iLO is not responding.  I can run hponcfg commands against it, but the GUI and REST API are not working.  I want to change it to production security to make sure the encryption level is not causing the problems.

Suman_1978
HPE Pro

Re: Query: hponcfg set encryption level

Hi,

iLO 5 is not responding.  Have you reset iLO?
HPE Integrated Lights Out (iLO 5) for Gen10 Servers - Managing iLO Reboots, Factory Reset, and NMI

Thank You!
BradV
Esteemed Contributor

Re: Query: hponcfg set encryption level

@Suman_1978 

Yes.  I did run a reset, but that did not fix it.

In any case, my original question is how to query/set iLO encryption level using hponcfg.  I still do not see that as an available option.  Is that correct?

Suman_1978
HPE Pro

Re: Query: hponcfg set encryption level

Hi,

HPE iLO 5 Scripting and Command Line Guide
Page#125, GET_ENCRYPT_SETTINGS

Use the GET_ENCRYPT_SETTINGS command to display the current encryption settings for a Lights-out device. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to read. For example:

<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="adminname" PASSWORD="password">
    <RIB_INFO MODE="read">
      <GET_ENCRYPT_SETTINGS/>
    </RIB_INFO>
  </LOGIN>
</RIBCL>

The following operations are performed to verify the configuration settings before displaying the primary and secondary ESKM server details:
• iLO connects to the primary ESKM server (and secondary ESKM server, if configured) over SSL.
• iLO tries to authenticate to the ESKM by using the configured credentials and account.
• iLO confirms that the version of the ESKM software is compatible with iLO.
If any of the operations fail, the primary and secondary ESKM server details are displayed as NULL even though they are configured in iLO.

Thank You!
BradV
Esteemed Contributor

Re: Query: hponcfg set encryption level

@Suman_1978 

Yes, I did see that, but it is not the iLO encryption level.  Try running it.  It gives back information related to enterprise secure key manager:

 

<GET_ENCRYPT_SETTINGS>
  <ENABLE_REDUNDANCY VALUE="Y"/>
  <ESKM_CERT_NAME VALUE=""/>
  <ESKM_ACC_NAME VALUE="ilo-eceb88c578"/>
  <ESKM_GRP_NAME VALUE=""/>
  <ESKM_PRIMARY_SERVER_ADDRESS VALUE=""/>
  <ESKM_PRIMARY_SERVER_PORT VALUE="0"/>
  <ESKM_SECONDARY_SERVER_ADDRESS VALUE=""/>
  <ESKM_SECONDARY_SERVER_PORT VALUE="0"/>
</GET_ENCRYPT_SETTINGS>

 

So, that has nothing to do with the iLO encryption level.
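
Added example (not part of any post in this thread, and not HPE code): a Python parser for the GET_ENCRYPT_SETTINGS response posted above, which reports the key-manager fields it carries and lists any tag that is not a key-manager setting. The function names, the constructed banner and trailer lines, and the choice to treat an empty value, "NULL" or port "0" as unset are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# GET_ENCRYPT_SETTINGS response as posted in the thread, wrapped in constructed
# surrounding text to stand in for whatever else the tool prints.
SAMPLE_OUTPUT = """(constructed banner line)
<GET_ENCRYPT_SETTINGS>
  <ENABLE_REDUNDANCY VALUE="Y"/>
  <ESKM_CERT_NAME VALUE=""/>
  <ESKM_ACC_NAME VALUE="ilo-eceb88c578"/>
  <ESKM_GRP_NAME VALUE=""/>
  <ESKM_PRIMARY_SERVER_ADDRESS VALUE=""/>
  <ESKM_PRIMARY_SERVER_PORT VALUE="0"/>
  <ESKM_SECONDARY_SERVER_ADDRESS VALUE=""/>
  <ESKM_SECONDARY_SERVER_PORT VALUE="0"/>
</GET_ENCRYPT_SETTINGS>
(constructed trailer line)
"""

OPEN, CLOSE = "<GET_ENCRYPT_SETTINGS>", "</GET_ENCRYPT_SETTINGS>"
KNOWN = {"ENABLE_REDUNDANCY"}  # the only non-ESKM_ tag in the posted response

def parse_encrypt_settings(text):
    """Return {TAG: VALUE} for the GET_ENCRYPT_SETTINGS block found in text."""
    start, end = text.find(OPEN), text.find(CLOSE)
    if start < 0 or end < start:
        raise ValueError("no GET_ENCRYPT_SETTINGS block in output")
    root = ET.fromstring(text[start:end + len(CLOSE)])
    return {child.tag: child.get("VALUE", "") for child in root}

def summarize(settings):
    """Classify the response; empty, "NULL" and port "0" are treated as unset."""
    def shown(side):
        addr = settings.get(f"ESKM_{side}_SERVER_ADDRESS", "").strip()
        port = settings.get(f"ESKM_{side}_SERVER_PORT", "0").strip()
        return addr not in ("", "NULL") and port not in ("", "0", "NULL")
    return {
        "account": settings.get("ESKM_ACC_NAME", ""),
        "redundancy": settings.get("ENABLE_REDUNDANCY") == "Y",
        # False is ambiguous: not configured, or a verification step failed.
        "primary_shown": shown("PRIMARY"),
        "secondary_shown": shown("SECONDARY"),
        # Any tag listed here is something other than key-manager settings.
        "other_fields": sorted(t for t in settings
                               if not t.startswith("ESKM_") and t not in KNOWN),
    }

if __name__ == "__main__":
    print(summarize(parse_encrypt_settings(SAMPLE_OUTPUT)))
```

For the response posted in the thread, `other_fields` is empty: every tag returned is a key-manager setting.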

Suman_1978
HPE Pro

Re: Query: hponcfg set encryption level

Hi,

I am running out of ideas, let's see if other members can give any suggestions/solution.

If not, you may need to log a support case with HPE to get answers.

Thank You!
BradV
Esteemed Contributor

Re: Query: hponcfg set encryption level

I did submit a support ticket.  If I get an answer, I'll post it back here in case anyone else is looking.