The IBM ILO, the IMM (Integrated Management Module) v.2 supports signed certificates for it's https web UI. The get it, you will have to generate a CSR on it, then sign it off and upload the signed cert file back to the IMM2.
Now, this is not a big deal, but as IBM mentions, this only works with DER format.
The whole process, step-by-step:
- Go to the IMM Management menu on the UI, and select Security.
- Here, choose Generate a New Key and a Certificate Signing Request (CSR)
- When it's done, choose Download Certificate Signing Request (CSR) and download the file.
- Now, let's display it's contents: openssl req -in imm2.csr -inform DER -text -noout
- It should display the request, thus the CSR is in DER format. OpenSSL likes PEM better...
- Now, convert the DER file into PEM: openssl req -in imm2.csr -inform DER -out imm2-pem.csr
- It is now possilbe to sign the CSR: openssl x509 -req -in imm2-pem.csr -CA myroot.crt -CAkey rui.key -CAcreateserial -out imm2-der.crt -days 3650 -outform DER note the -outform DER parameter in the end, IMM2 requires a DER format signed certificate to be uploaded!
- You can now simply upload the file, choose Import a Signed Certificate to browse for it
- Restarting IMM2 or it's https service will make use of the new certificate now!
No comments:
Post a Comment