iLO Firmware Addresses SSL Certificates

This little anecdote is about iLO Firmware and SSL

Firmware 2.01 for iLO2 may be downloaded from here.

One of my biggest gripes with HP iLO devices was that their self-signed certificates were next to useless is enterprise environments where a lot of people create DNS A records for the iLO so it is easy to remember (i.e. server.ilo.domain.com). The CSRs generated by iLO were hostname only, and attempting to install a FQDN Certificate resulted in it being rejected because the Certificate CN did not match the hostname.

iLO2 Firmware 2.0 released in July finally introduced FQDN SSL Support, however it suffered some bugs in CSR generation, and unfortunately still did not quite work as intended.

Finally firmware 2.01 was released in late August and this does appear to work. I have successfully created a FQDN SSL Certificate and applied to the iLO.

I strongly recommend this update for anyone with iLO2 interfaces who want to sign SSL Certificates using thier own enterprise CA.

Sadly, testing with iLO 3 firmware 1.10 has not been successful with the iLO rejecting the generated certificate. I am following this up with HP now.

Advertisements

3 thoughts on “iLO Firmware Addresses SSL Certificates

  1. Angelie

    Hi Ben,

    Have you tested the iLO3 firmware 1.26 if generated certificate signed by internal CA is working?

    regards,
    Angelie

    1. Ben Post author

      Hi Angelie,
      We don’t have many iLO3 servers on our network that I can “play” with, though I will take a look for you when I get back to work on Monday and Advise.

      Fairly sure I haven’t had an issue with anything newer than iLO 3 firmware 1.20

    2. Ben Post author

      Hi Angelie,
      I have just looked into this now, and unfortunately I have no non-production systems that I can upgrade the iLO3 firmware on to test this (It would require me to take the job through change management etc etc…)/

      I can confirm though that CSRs signed by an internal CA work fine on our 1.20 iLO3 installed.

Comments are closed.