HPE Community
Servers - General
1848891 Members
4656 Online
104038 Solutions
New Discussion

Re: Remove Stale certificates from iLO

 
MCSAP
Frequent Advisor

‎02-09-2022 11:40 AM - last edited on ‎02-10-2022 10:50 PM by

‎02-09-2022 11:40 AM - last edited on ‎02-10-2022 10:50 PM by

Remove Stale certificates from iLO

Hi,

I updated my CA cert on my OneView appliance and in the process all 600+ connections refreshed.  I have 100+ warning that the iLO SSO won't work due to a certificate size of 3k blah, blah, blah.  The workaround is to go into the iLO and delete the stale (old) cert from the "Manage Trusted Certificate and Records" area.

For whatever reason, deleting the "red x" cert entry clears the OneView SSO/iLO warning.

Anyone have a script to do this rather than me connecting to 100+ individual iLOs?

Gen9 & iLO 4

Many thanks!

1 person had this problem.
0 Kudos
Reply
2 REPLIES 2
Suman_1978
HPE Pro

‎02-10-2022 07:19 PM

‎02-10-2022 07:19 PM

Re: Remove Stale certificates from iLO

Hi,

As far as I know, there is no such script.  But I could be wrong.  Request you to contact HPE Support for help.

Here is the "HPE iLO 4 Scripting and Command Line Guide" if you need any other scripts.
https://support.hpe.com/hpesc/public/docDisplay?docId=c03334058

Thanks



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Michiel_NN
Visitor

‎03-22-2023 04:16 AM

‎03-22-2023 04:16 AM

Re: Remove Stale certificates from iLO

After a couple of servers I decided to create a script. I use HPE Lights-Out Configuration Utility to run a couple of RIBCL-commands. I created an XML-file with the commands and ran it against the ip-address of the iLO's.

HPQLOCFG.exe -s 10.120.204.86 -f C:\Temp\replace_cert.xml -l C:\Temp\Logs\replace_cert.txt -v

The xml looks like this:

<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="Administrator" PASSWORD="password">
<SSO_INFO MODE="write">
<DELETE_SERVER INDEX="1" />
<IMPORT_CERTIFICATE>
-----BEGIN CERTIFICATE-----
MIIFxTCCA62gAwIBAgIJAJTtQTFDW

-----END CERTIFICATE-----
</IMPORT_CERTIFICATE>
</SSO_INFO>
<RIB_INFO MODE = "write">
<RESET_RIB/>
</RIB_INFO>
</LOGIN>
</RIBCL>

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.