Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

How to use openssl to generate key pair for SSL.

Highlighted
david8881
Occasional Contributor

How to use openssl to generate key pair for SSL.

How can you import a key pair into the ilo.

Does the import_cert.xml from the hpqlocfg.exe and locfg.pl take the private keys?

I did find this article, but was having issues with windows hpqlocfg.exe the locfg.pl I am also experinces unknown errors..

http://www.vcritical.com/2010/11/automating-ssl-certificate-deployments-for-hp-ilo/

my log

HPQLOCFG.exe: Sending (97)
POST /ribcl HTTP/1.1
HOST: sjc21654mdrp01
Content-length: 30

<RIBCL VERSION="2.0"></RIBCL>

HPQLOCFG.exe: Sending (115)
POST /ribcl HTTP/1.1
HOST: sjc21654mdrp01
Transfer_Encoding: chunked
Content-length: 2095
Connection: Close


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (22)
<RIBCL VERSION="2.0">

HPQLOCFG.exe: Sending (50)
<LOGIN USER_LOGIN="<user>" PASSWORD="<password>">

HPQLOCFG.exe: Sending (30)
<RIB_INFO MODE="write">

HPQLOCFG.exe: Sending (30)
<IMPORT_CERTIFICATE>

HPQLOCFG.exe: Sending (13)

HPQLOCFG.exe: Sending (13)

HPQLOCFG.exe: Sending (13)

HPQLOCFG.exe: Sending (31)
-----BEGIN RSA PRIVATE KEY-----

HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (22)
Proc-Type: 4,ENCRYPTED

HPQLOCFG.exe: Sending (39)
DEK-Info: DES-EDE3-CBC,E52C2EA1689EF611

HPQLOCFG.exe: Sending (0)


HPQLOCFG.exe: Sending (64)
<private key>

HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (29)
-----END RSA PRIVATE KEY-----

HPQLOCFG.exe: Sending (1)


HPQLOCFG.exe: Sending (31)
</IMPORT_CERTIFICATE>

HPQLOCFG.exe: Sending (10)

HPQLOCFG.exe: Sending (22)
<RESET_RIB/>

HPQLOCFG.exe: Sending (18)
</RIB_INFO>

HPQLOCFG.exe: Sending (12)
</LOGIN>

HPQLOCFG.exe: Sending (9)
</RIBCL>

HPQLOCFG.exe: Sending (0)

 

Sending script...
Waiting for Response...

HPQLOCFG.exe: Received (496)

<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
STATUS="0x0001"
MESSAGE='Error: Line #37: syntax error near ">".'
/>
</RIBCL>

Error:Can not open Log file....

Script failed for DNS:<hostname>

1 REPLY
Oscar A. Perez
Esteemed Contributor

Re: How to use openssl to generate key pair for SSL.

iLO doesn't support importing Private/Public RSA key-pair.  See my explanation why it doesn't here:  

http://community.hpe.com/t5/Remote-Lights-Out-Mgmt-iLO-2-iLO/Anyway-to-change-the-Subject-Alternative-Name-on-iLo-SSL-Cert/m-p/6845098/highlight/true#M7739

 

What you need to do is to create your own Private CA then, have each iLO generate a CSR then, get the CSR signed by your CA and finally import the signed SSL certificates back into that iLO.   The article in the link you posted has a very interesting way to script all of this. 




__________________________________________________
I work for Hewlett Packard

If you feel this was helpful please click the KUDOS! thumb below!
//Add this to "OnDomLoad" event