SSL certificate import problem using iLO3 (rx2800 i2)

Post Reply

Topic author
way_sz
Newbie
Posts: 3
Joined: Thu Jul 11, 2019 6:00 pm
Reputation: 0
Status: Offline

SSL certificate import problem using iLO3 (rx2800 i2)

Post by way_sz » Wed Apr 01, 2020 1:36 pm

Greeting to everybody!

I have the problem of creation and importing SSL 2048 after CSR. That certificate for web access to iLO on rx2800i2 server.

The existing self- signed certificate works. The certificate details are the following:

Signature algorithm: sha256RSA
Signature hash algorithm: sha256
.
.
.
Public key: RSA (1024 Bits)
Key Usage: Certificate Signing, Off-line CRL Signing, CRL Signing (06)

The intention is to use 2048 Bits certificate after its creation within a Certificate Signing Request (CSR), for the stronger security. The problem is that iLO refused to import generated certificate.

If you have experience to do that, please provide the proper steps and values sample for certificate data, which is to be sent to CSR. I need the detailed instructions on how to fill the parameters for CSR and how to generate the 2048 bits certificate, compatible to iLO3 import.

Thanks.

Sergey Zadorozhny


gil
VSI Expert
Visitor
Posts: 2
Joined: Thu Apr 02, 2020 3:05 am
Reputation: 0
Status: Offline

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Post by gil » Thu Apr 02, 2020 3:09 am

Hello Sergey,
Please, specify what version of SSL you have installed on your rx2800.
Regards, Eugeny.


Topic author
way_sz
Newbie
Posts: 3
Joined: Thu Jul 11, 2019 6:00 pm
Reputation: 0
Status: Offline

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Post by way_sz » Thu Apr 02, 2020 2:04 pm

Hello, Eugeny,

Both SSL certificates have V3. Currently used one is a 1024 bit long self signed, vendor provided certificate. I am trying to import a new 2048 bit long certificate, issued after CSR.
Thanks,
Sergey


brett.cameron
VSI Expert
Contributor
Posts: 16
Joined: Mon Jun 24, 2019 9:51 am
Reputation: 0
Status: Offline

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Post by brett.cameron » Wed Apr 08, 2020 6:50 am

This isn't really an OpenVMS issue; you would have exactly the same problem if the server was running HPUX. It's an issue with the server's ILO3 implementation, so you'd probably need to open a case with HPE Engineering on the matter. Most likely there are limitations as to what types of certificate ILO3 is accepting...


Topic author
way_sz
Newbie
Posts: 3
Joined: Thu Jul 11, 2019 6:00 pm
Reputation: 0
Status: Offline

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Post by way_sz » Wed Apr 08, 2020 2:12 pm

brett.cameron wrote:
Wed Apr 08, 2020 6:50 am
This isn't really an OpenVMS issue; you would have exactly the same problem if the server was running HPUX. It's an issue with the server's ILO3 implementation, so you'd probably need to open a case with HPE Engineering on the matter. Most likely there are limitations as to what types of certificate ILO3 is accepting...
Yes, I agree, that the problem is OS neutral, but I am dealing with the server running OpenVMS; the fact, which make the solution finding even more complicated. I opened the case with HPE and was curios if anybody from OpenVMS users have ever tried to implement more modern and secure certificates for iLO3...


brett.cameron
VSI Expert
Contributor
Posts: 16
Joined: Mon Jun 24, 2019 9:51 am
Reputation: 0
Status: Offline

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Post by brett.cameron » Wed Apr 08, 2020 2:36 pm

Possibly this is relevant: https://support.hpe.com/hpesc/public/do ... =c05315789

And ensure that the server is using the latest or last known good firmware version.

Post Reply