- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Import-HPEiLOCertificate Status ERROR
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2018 01:38 AM - edited тАО12-03-2018 01:54 AM
тАО12-03-2018 01:38 AM - edited тАО12-03-2018 01:54 AM
Import-HPEiLOCertificate Status ERROR
Hi,
Importing the Base64-encoded X.509 certificate with Import-HPEiLOCertificate give me the Status ERROR without not much information. And Certificate is not imported, but this CMDLets is needed to automatisation script.
Import-HPEiLOCertificate -Connection $connection -Certificate $cert1 -Verbose VERBOSE: Performing the operation "Import-HPEiLOCertificate" on target "IP: 1XX.XX.XX.XXX". VERBOSE: [Import-HPEiLOCertificate] Executing the cmdlets with 1 task serially. VERBOSE: [Import-HPEiLOCertificate][esx01.xxx]: Creating web request. VERBOSE: [Import-HPEiLOCertificate][esx01.xxx]: Writting request stream. VERBOSE: [Import-HPEiLOCertificate][esx01.xxx]: Getting web response. VERBOSE: [Import-HPEiLOCertificate][esx01.xxx]: Processing RIBCL response. IP Hostname Status StatusInfo -- -------- ------ ---------- 1XX.XX.XX.XXX esx01.xxx ERROR HPE.iLO.Response.StatusInfo
Taking same Certificate and pasting into iLO4 (Administration -> Security -> SSL Certificate -> Customize Certificate -> Import Certificate ) works fine.
I used also Enable-HPEiLOLog but I don't see any errors there. Here is part of log:
...
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][CreateWebRequest]: Begin
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][CreateWebRequest]: Creating web request.
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][CreateWebRequest]: Posting ribcl payload to https://esx01.xxx/ribcl
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][CreateWebRequest]: Writting request stream.
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][CreateWebRequest]: End
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][BuildCommand]: RIBCL command: <RIBCL VERSION="2.30">
<LOGIN USER_LOGIN="XXXXX" PASSWORD="XXXX">
<RIB_INFO MODE="write">
<IMPORT_CERTIFICATE>-----BEGIN CERTIFICATE-----
..
..
..
-----END CERTIFICATE-----
</IMPORT_CERTIFICATE>
<RESET_RIB />
</RIB_INFO>
</LOGIN>
</RIBCL>
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][BuildCommand]: End
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][SendCommand]: Begin
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][SendCommand]: Getting web response.
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][SendCommand]: End
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][ProcessResponse]: Begin
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][ProcessResponse]: Processing RIBCL response.
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][ProcessRIBCLResponse]: Begin
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][ProcessRIBCLResponse]: Checking for RIBCL errors in the response and creating the error object if any.
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][ProcessRIBCLResponse]: End
HPE.Framework.Logging.Logger.LogMessage INFO - [Import-HPEiLOCertificate][esx01.xxx][ProcessResponse]: End
I am using: HPEiLOCmdlets 2.1.0.0 and the iLO4 have Firmware version 2.61
iLO4 have currenlty HPE self-signed Certificate and I would like to replace it with the new Certificate signed by Microsoft CA which is used in house. The CSR was generated with Start-HPEiLOCertificateSigningRequest.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2018 02:34 AM
тАО12-03-2018 02:34 AM
Re: Import-HPEiLOCertificate Status ERROR
Hi,
Can you tell me how you are reading the content of certificate from the external file. i.e., from $cert1.
Import-HPEiLOCertificate -Connection $connection -Certificate $cert1 -Verbose
I suspect that while doing get-content from certificate file you should have missed -raw option. Try that i hope it should solve the issue if the certificate is valid. Refer Import-HPEiLOCertificate cmdlets Get-Help.
$cert1 = Get-Content -Raw -Path "<<Path of certficate>>"
I am a HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2018 03:55 AM
тАО12-03-2018 03:55 AM
Re: Import-HPEiLOCertificate Status ERROR
I do use -Raw option by reading the content of the certificate file and the $cert1 does have same content as when I open the Certificate file with Notepad++, and it is base64-encoded X.509 Certificate.
$cert1 = Get-Content -Path "$scriptpath\$shorthost.cer" -Raw
I also tried as in Import-HPEiLOCertificate exmaples (help)
$cert = @" -----BEGIN CERTIFICATE----- ....my certificate file copy/paste -----END CERTIFICATE----- "@ Import-HPEiLOCertificate -Connection $connection -Certificate $cert -Verbose
But I get again Status: ERROR and Certificate is not imported. Weird that there is no other Error message, not in Console or over HPELOLog function.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2018 05:34 AM - edited тАО12-03-2018 05:54 AM
тАО12-03-2018 05:34 AM - edited тАО12-03-2018 05:54 AM
Re: Import-HPEiLOCertificate Status ERROR
I found in Import-HPiLOCertificate Help also an Parameter "-OutputType" and I used RawResponse and get Error message "Invalid certificate common name" . But as I wrote same certificate can be imported to iLO4 using webgui without problem.
-OutputType RawResponse
PS C:\> Import-HPEiLOCertificate -Connection $connection -Certificate $cert1 -OutputType RawResponse -Verbose
VERBOSE: Performing the operation "Import-HPEiLOCertificate" on target "IP: 1XX.XXX.XXX.XXX".
VERBOSE: [Import-HPEiLOCertificate] Executing the cmdlets with 1 task serially.
VERBOSE: [Import-HPEiLOCertificate][esx01.xxx]: Creating web request.
VERBOSE: [Import-HPEiLOCertificate][esx01.xxx]: Writting request stream.
VERBOSE: [Import-HPEiLOCertificate][esx01.xxx]: Getting web response.
VERBOSE: [Import-HPEiLOCertificate][esx01.xxx]: Processing RIBCL response.
Target: esx01.xxx
URL: https://esx01.xxx/ribcl
ContentType: text/xml
Response: <?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0041"
MESSAGE='Invalid certificate common name'
/>
</RIBCL>
Ist this the "Subject" from the Certificate? It does look ok, and this (expect CN=) have all certificate in house.
certutil -dump shorthost.cer
.....
Subject:
CN=esx01.xxx.some-domain.at
OU=IT
O=some-domain
L=City
S=City
C=at
Name Hash(sha1): XXXX
Name Hash(md5): XXXX
...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2018 11:05 PM
тАО12-03-2018 11:05 PM
Re: Import-HPEiLOCertificate Status ERROR
Hi,
The error what you are getting is from iLO server and you need to check with iLO team on below error.
Invalid certificate common name'
I suspect "-" in the CN could be the issue which cmd line is not accepting but Web GUI. ( HPQLOCFG tool we use internally to send RIBCL xml request to iLO server). To confirm iLO issue you can download the HPQLOCFG tool and provide the signed certificate to iLO server to confirm its an iLO issue. But PowerShell cmdlets has nothing to do with this error. Let me know if you need more help.
Thanks,
Gokul
I am a HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-05-2018 04:31 AM
тАО12-05-2018 04:31 AM
Re: Import-HPEiLOCertificate Status ERROR
How can it be iLO4 issue if the Import over iLO4 self does work by coping content of Certificate file and pasting into iLO4 egg: iLO4 (Administration -> Security -> SSL Certificate -> Customize Certificate -> Import Certificate ) .