Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

Question about SSL on OA/iLO

SOLVED
Go to solution
Highlighted
Blaine Baker
Acclaimed Contributor

Question about SSL on OA/iLO

Hi all,

This is probably a pretty easy question for most of you. I have a c3000 enclosure with some bl460c blades in it. I have followed the process to get an ssl certificate (from our internal enterprise CA) for the onboard administrator itself, and that works perfectly, but everything under Device Bays -> nnn -> iLO, those links all open directly to the IP address of the blade and not a DNS hostname. As a result, even though i have a certificate installed for one of my iLO interface's FQDN, and it works if I manually go there, if I simply click the links inside OA (like I want to) it says the certificate is not valid because the name is mismatched (the URL is only the IP address).

Can anyone clue me in on what I can do to resolve this? Thanks,

-Blaine
5 REPLIES

Re: Question about SSL on OA/iLO

Did you enter your DNS info under the Enclosure settings ?
Blaine Baker
Acclaimed Contributor

Re: Question about SSL on OA/iLO

Yes, my DNS settings are configured properly. OA is not even attempting to connect via hostname however - just IP address; so no DNS resolution is even being attempted.
T. Jones
Acclaimed Contributor

Re: Question about SSL on OA/iLO

I'm experiencing the same issue. Currently looking into using the subject alternate name extension to specify the IP address.
T. Jones
Acclaimed Contributor
Solution

Re: Question about SSL on OA/iLO

I got this working with our local Microsoft CA. Here's what I did:

1. Created the certificate and copied to clipboard.
2. On the CA, pasted the request, specified web server template, and added the subject alternate name attribute as "san:dns=xxx.xxx.xxx.xxx" (where "xxx.xxx.xxx.xxx" was my iLo IP address).
3. Imported the new cert.
4. Restarted browser, logged back in and no more cert error.

I did have to configure our CA to accept SAN attributes. Directions here: http://support.microsoft.com/kb/931351

Hope that helps,
tj
Blaine Baker
Acclaimed Contributor

Re: Question about SSL on OA/iLO

T. Jones' solution works perfectly. I had a little back and forth with my CA and they got it all sorted out. Thanks!
//Add this to "OnDomLoad" event