- #Hp proliant onboard administrator set ssl certificate how to
- #Hp proliant onboard administrator set ssl certificate install
- #Hp proliant onboard administrator set ssl certificate manual
Next you need to tell your web browser(s) to trust your private CA - you’ll also need to distribute this certificate to other administrators on your team so they can do the same. Have a look at /etc/ssl/openssl.cnf to change certain default behaviors - optional. demoCA/private/cakey.pem -out nopasswd-tmp.pem To create an unprotected version, use the following command and then rename/swap with the original: openssl rsa -in. I also chose to remove the passphrase from the resulting private key in order to make the automation script simpler. Next, create a directory to use for the base of your private CA and run the following command there, following the interactive prompts: /usr/share/ssl/misc/CA.pl -newca Locate the script called CA.pl and optionally increase the CA certificate expiration from 3 years to 10 years, e.g.: vi /usr/share/ssl/misc/CA.plįind the following line and modify accordingly: $CADAYS="-days 3650" Most Linux distributions come with OpenSSL and everything needed to run your own private CA - naturally, I am using SLES for VMware. For production systems with many users, certificates from a trusted CA are much more appropriate. Keep in mind that the process described here works best for environments where a known group of individuals needs to administer servers, such as in a lab.
#Hp proliant onboard administrator set ssl certificate how to
In this article I will show you how to become your own CA and write a simple script that automatically deploys a signed SSL certificate to an HP iLO controller.
#Hp proliant onboard administrator set ssl certificate manual
The one-by-one manual approach is fine for a handful of systems, but setting up a c7000 chassis full of 16 blade servers is an opportunity begging for automation. Take a look at these articles from Jason Boche and Mike Laverick for additional background. Given a private Certificate Authority (CA), installing signed certificates is normally an interactive process that involves some clicking and pasting.
#Hp proliant onboard administrator set ssl certificate install
The solution, of course, is to install signed SSL certificates to stop web browsers from complaining. Using iLO doubles the annoyance because the prompt appears again when subsequently opening a remote console window. In order to get on with your business, the only real choice is to rotely click the not recommended link. You’ve likely seen this warning countless times when accessing self-signed SSL-encrypted web applications, such as the one used for remotely managing HP servers through iLO: Self-Signed Certificates Considered Annoying
0 kommentar(er)
