In a lot of the course I teach, the physical equipment is often a long distance away. We usually connect to it
by Citrix or Terminal Services – and use the ILO+Virtual Media (or even physical CD duct-taped into the drives!) to carry out the ESX install in classroom exercises. I now have a similar system of my own – my own personal VDC (Virtual DataCenter) if you like. It consists of 4 HP Proliant DL385 (AMD Dual-Core) and two Dell 1U server which run the virtual machines needed to work remotely (Domain Controllers (x2), Citrix Servers (x2) Microsoft SQL and VirtualCenter).
One thing that has always annoyed me about using ILOs was the number of SSL certificate security prompts. Before beginning this post I thought I would count them. There was 1 prompt for the logon page and 3 for the Java security if you use the untrusted auto-signed SSL Certificates created by the ILO – there was also 1 prompt for using virtual media. That is 5 prompts altogether!
So last week I took a look at creating my own self-trusted certificates for my VDC. As Citrix MetaFrame across the Internet needs certificates to work, I’ve always run my own root Certificate Authority rather than paying for certificates from an ISP or Verisign – plus it's more fun to do your own security. I found the process was surprisingly easy, and wondered why more “VDC” environments didn’t do this as well. Here’s how it's done
- Login into your ILO with full rights
- Choose Administration and Certificate Administration
- Click on “Create Certificate Request” button.
- Press Ctrl+A to highlight the certificate, and Ctrl+C to copy it.
- Connect to your Certificate server, in my case I used the Microsoft Certificate Service set-up on my domain controller using the url of https://dc1.rtfm-ed.co.uk/certsrv/
- Click on the “Advanced Certificate Request” link.
- Click on the “Submit a certificate request by using a base-64-encode CMC or KCS#10 file“
- For the Certificate Template, select “Web Server“
- Paste your iLO certificate request into the “Saved Request” field using Ctrl+V
- Click the Submit button
- Next download the certificate using the “Base 64 encoded” option, then click on the “download certificate” link.
- Save the certificate at a location and Open your saved certificate with notepad, select all the text with Ctrl+A and copy with Ctrl+V
- Back to the iLO certificate page. Click on next
- Paste your iLO certificate into the “Saved Request” field.
- Paste it into the iLO certificate page, and click on the Import Certificate button.
- Once the certificate had been imported, reset iLO.
- The next time you logon to this iLO, it will have your new certificate.