How-to: Automatic certificate install on an HP iLO4 management processor


#1
  • Install iLO4 2.44 or anything later than iLO 2.50 on your management processor (iLO4 2.50 has a bug that will result in an invalid CSR beeing created). iLO4 2.53 will generate valid CSRs again provided you do not check the “nclude iLO IP Address(es)” Box in the web interface (Administration->Security->SSL Certificate->Customize Certificate)

  • Download and install hpilo_cli (https://github.com/seveas/python-hpilo).

  • Fetch a CSR from your management processor:

    hpilo_cli -l -p yourilo4.domain.name certificate_signing_request country= state= locality= organization= organizational_unit= common_name=yourilo4.domain.name

  • The first time you call the above command, CSR-generation will be triggered. You have to wait and retry until the CSR is generated.

  • You will get nonsense values for C, O, OU, L and ST in your CSR, but luckily letsencrypt will ignore these fields.

  • Issue the CSR to letsencrypt and generate a certificate

  • Install the resulting Certificate with:

    hpilo_cli -l user -p passsword yourilo4.domain.name import_certificate certificate="$(cat $CERTFILE)"

  • There is no need to generate a new CSR for every certificate renewal. You can use the generated CSR as often as you wish.


#2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.