Page 1 of 1

SSL certificate import problem using iLO3 (rx2800 i2)

Posted: Wed Apr 01, 2020 1:36 pm
by way_sz
Greeting to everybody!

I have the problem of creation and importing SSL 2048 after CSR. That certificate for web access to iLO on rx2800i2 server.

The existing self- signed certificate works. The certificate details are the following:

Signature algorithm: sha256RSA
Signature hash algorithm: sha256
.
.
.
Public key: RSA (1024 Bits)
Key Usage: Certificate Signing, Off-line CRL Signing, CRL Signing (06)

The intention is to use 2048 Bits certificate after its creation within a Certificate Signing Request (CSR), for the stronger security. The problem is that iLO refused to import generated certificate.

If you have experience to do that, please provide the proper steps and values sample for certificate data, which is to be sent to CSR. I need the detailed instructions on how to fill the parameters for CSR and how to generate the 2048 bits certificate, compatible to iLO3 import.

Thanks.

Sergey Zadorozhny

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Posted: Thu Apr 02, 2020 3:09 am
by gil
Hello Sergey,
Please, specify what version of SSL you have installed on your rx2800.
Regards, Eugeny.

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Posted: Thu Apr 02, 2020 2:04 pm
by way_sz
Hello, Eugeny,

Both SSL certificates have V3. Currently used one is a 1024 bit long self signed, vendor provided certificate. I am trying to import a new 2048 bit long certificate, issued after CSR.
Thanks,
Sergey

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Posted: Wed Apr 08, 2020 6:50 am
by brett.cameron
This isn't really an OpenVMS issue; you would have exactly the same problem if the server was running HPUX. It's an issue with the server's ILO3 implementation, so you'd probably need to open a case with HPE Engineering on the matter. Most likely there are limitations as to what types of certificate ILO3 is accepting...

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Posted: Wed Apr 08, 2020 2:12 pm
by way_sz
brett.cameron wrote:
Wed Apr 08, 2020 6:50 am
This isn't really an OpenVMS issue; you would have exactly the same problem if the server was running HPUX. It's an issue with the server's ILO3 implementation, so you'd probably need to open a case with HPE Engineering on the matter. Most likely there are limitations as to what types of certificate ILO3 is accepting...
Yes, I agree, that the problem is OS neutral, but I am dealing with the server running OpenVMS; the fact, which make the solution finding even more complicated. I opened the case with HPE and was curios if anybody from OpenVMS users have ever tried to implement more modern and secure certificates for iLO3...

Re: SSL certificate import problem using iLO3 (rx2800 i2)

Posted: Wed Apr 08, 2020 2:36 pm
by brett.cameron
Possibly this is relevant: https://support.hpe.com/hpesc/public/do ... =c05315789

And ensure that the server is using the latest or last known good firmware version.