Jump to content
RESET Forums (homeservershow.com)

iLO4 and Security Certificate Errors in IE11


Joe_Miner
 Share

Recommended Posts

On my desktop to get into iLO4 I would just click on the saved address in IE11 and it would first take me to a Security Certificate Error screen and I would just click on "Continue to this website (Not Recommended)" to get to my iLO4 sign-in page -- annoying but it got the job done.

 

Today I thought that instead of having it in my Favorites in IE11 I would put a shortcut on my desktop to just jump to Certificate Error Screen and then to my iLO4 screen -- but when I click on the shortcut and it takes me to the Certificate Error Screen I no longer have the option to click on "Continue to this website (Not Recommended)"??

 

I can still get in thru IE11's Favorites list but not thru a shortcut.

 

Thanks!

Link to comment
Share on other sites

Since the system is on your LAN, export the Cert from the server and import it back to you PC as Trusted.  You will bypass all of that

Link to comment
Share on other sites

You've done this with iLO4 certificate on a gen8 to a Windows desktop?

 

I guess I need to spend more time on the iLO4 manual...................

Link to comment
Share on other sites

It's a Cert. As long as you tell the client to trust it, the warning will be bypassed. I do it all the time with test SharePoint farms using self signed certs.

Link to comment
Share on other sites

  • 2 months later...

Hello everyone,

 

Quick question on the certificate feature.

 

I own few certificates (*.pfx as well as *.key and *.crt) but I see no way to import/use them.

I see that you can generate a CSR and submit that to a CA but i see no way to import a wildcard, anyone knows if this is achievable?

 

it seem the "import" feature only allow to import the public key but no way to import the private key.

 

Any idea on how to work that around?

 

Thanks,

Tommy

Link to comment
Share on other sites

Hello eveyone,

 

Pretty much resolved this issue by creating a new certificate.

 

To do so I did populate all teh fields (server FQDN, State, Region, etc.) then I clicked on Generate CSR.

About 5 minutes later I did click again on Generate CSR so to get the code.

 

I have then logged on Start SSL (you register for free and create single-name certificates for free), if you want to create SAN's or wildcard certs it costs around~50$ and you can submit unlimited certificates.

Anyway, let's stop digressing, I did register here some time ago so i can create any cert I need. If somebody wants more information: https://www.startssl.com/.

 

I did paste the code I got from ILO in the CSR field, went though the wizard, added a couple of other FQDNs and then imported the public key.

 

Now ILO does not show that warning anymore, so, happy days :-)

 

Hope this can help somebody else willing to stop that "the certificate is not valid" type of warning.

 

Tommy

Link to comment
Share on other sites

Add the ilo address as a trusted site in ie. It should remove the cert issue. It is a activex issue fixed in February/March that drives me nuts as I have to do this for 500 cameras with self signed certs

Link to comment
Share on other sites

  • 1 year later...

Add the ilo address as a trusted site in ie. It should remove the cert issue. It is a activex issue fixed in February/March that drives me nuts as I have to do this for 500 cameras with self signed certs

That didn't work...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Similar Content

    • Haxsource
      By Haxsource
      Good afternoon folks!
       
      I have a question I was wondering if someone would know about. I have a Microserver Gen 8 with Vmware ESXI 7 currently installed on the MicroSD with AHCI enabled instead of RAID mode (dont find anything usefull in raid mode in my current setup other than booting from ODD, which I can just use as another Datastore instead).
       
      With that context being said, Im trying to enable the Agentless Management Service from the ILO with the drivers on the Vmware ESXI 7, but unfortunetly after installing and trying to start the service with:

       
      /etc/init.d/hp-ams.sh start  
       
      I get the following error:
       
      /opt/hpe/ams/amshelper: error while loading shared libraries: libnicmgmt.so.0: cannot open shared object file: No such file or directory  
       
      Makes sense following the Vmware ESXI HPE support matrix, since its only supported until Vmware ESXI 6.5U2 Pre-gen. But I´ve been reading lots of people having working setups doing the following:
       
      Install Vmware ESXI HP Custom Image 6.5U2 -> Offline Update to Vmware ESXI 6.7.
       
      I was wondering if installing HP Custom Image 6.5U2 with the drivers Agentless Management Service working and doing a full upgrade to ESXI 7.0 would do the trick, since its an upgrade not a clean install...so libraries should stay supporting older drivers installed.
       
      Does this make any sense?? Has anyone gone trough this alredy?
       
      Thanks!
    • netware5
      By netware5
      ***CRITICAL*** iLO 4 update available here. HPE requires users update to this version immediately. Potential vulnerabilities in network stack.
      VULNERABILITY SUMMARY
      A potential security vulnerability has been identified in Integrated Lights-Out 5 (iLO 5), Integrated Lights-Out 4 (iLO 4), and Integrated Lights-Out 3 (iLO 3) firmware. The vulnerability could be remotely exploited to cause memory corruption.
      HPE has released updated firmware to mitigate these vulnerabilities.
      References: CVE-2020-27337
    • AVsonyfan
      By AVsonyfan
      All credit to schoondoggy for his original idea. A shame I am on the wrong side of the Atlantic to order an SDM kit as the import duties make it an expensive option, or would have if they were still available. I had to look around to see what alternatives I could find... and managed to find the bits needed on Amazon!
       
      I must admit I am rather pleased with the end result of this project and may repeat it on the other Gen8 MicroServer. The outcome is a server with a mirrored system drive on the internal B120i, and the main drive bays connected to an HP P222 card providing a RAID-10 data volume. This is pretty much my ideal setup for a stable resilient but small server.
       
      Sabrent 3.5" to x2 SSD Internal Mounting Kit (BK-HDCC)
      Amazon UK - https://amzn.to/32qEVou
      Amazon US - https://amzn.to/3h8Blom
      The kit comes with all the cabling you need and all the required screws to mount the drives and bracket.
      Two types of power splitter cables are included along with two SATA cables. The bracket holds two SSDs and provides a small gap between them.
       
      I mounted the bracket next to the PSU but leaving a 2-3mm gap to allow for some airflow past the SSDs in case they get warmed by the P222.
       
      Tips:
      Put some insulating tape along the underneath of the upper chassis rail next to the PSU and drilled three small holes.
      I used two strips on to stop the drill bit from walking across the metal. Drill with a 2mm first then a 2.5mm bit. This leaves enough metal for screws to thread in.
      Check and measure each hole against the bracket as you go so that they line up. Bracket is then fixed in place using the provided screws (see photo).
       
       
      The final part of the puzzle is another Mini-SAS to SATA cable the same as the one connected to the internal drive bays.
      This is an SFF-8087 Mini-SAS [male] connector to 4 SATA [female] header cables. The 50cm cable from Jyopto works great and not too much spare to lose within the system.
      Amazon UK - https://amzn.to/2CXAzgb
      I could not find it on Amazon US site but there was one from CableCreations that same length.
       
      Just need to add your choice of SSDs and cable up to B120i port.  I went with Samsung 860 Pro SSDs for the longer rated lifespan of write cycles.
       
       
      I decided to forget about an internal DVD/RW drive and opted for an external HP F2B56AA slimline drive that can be plugged into the USB of either system.
      Amazon UK - https://amzn.to/2EgSSxD
      Amazon US - https://amzn.to/326uFmL
       
       
      Sabrent also make a really good quality 2.5" to 3.5" bay converter adapter (BK-PCBS) that I have used in the EX490/X510 to convert from HDD to SSD system drives.
      Amazon UK - https://amzn.to/3jbYBmT
      Amazon US - https://amzn.to/335kXQz
       
      Hopefully this information will prove useful to some looking to update their MicroServer.
       
       
       
       

    • E3000
      By E3000
      Does anyone know if it is possible to get Agentless Management Service (AMS) running on Debian/Ubuntu Linux? It is always showing as Not Available in the iLO page and I have only ever seen this active in Windows.
    • E3000
      By E3000
      Hey guys,
       
      Has anyone around here been successful in setting up Proxmox on a Gen8 using a HBA for storage?
×
×
  • Create New...