At the request of higher-ups, I need to deploy an SSL certificate(s) signed by our Active Directory CA to over 100 lights-out interfaces. Given all these devices have been given a hostname .ilo.my.domain, a wildcard certificate seems to be the way to go.
I've not been able to find any useful instructions on how to do this - Googling just gets me 100s of results for various SSL Resellers.
Does anyone have any experience with MS Cert Services & Wildcard SSL Certificates that they can point me in the right direction with?
Cheers
It's possible to use the iLO scripting interfaces to get the certificate request and import the reply. That would be using CPQLOCFG or HPONCFG for the iLO I/O.
If you're a programming sort, there's a Perl version of cpqlocfg that could be used to fetch the request, programmatically submit it to the Microsoft CA, fetch the reply, and update iLO.
The real problem you have is that you need to get the HP iLO to issue a wildcard certificate request in the first place. From my quick searching of the HP IT Resource Center this doesn't appear possible.
What I did find, however, was a great post at The Lazy Admin - Using Certificates with Compaq/HP RILOE and ILO Hardware, which walks you step by step through the process of requesting an HP iLO cert against a MS Certificate Authority.
With respect to SSL wildcards in general, have a read of Publishing Multiple Web Sites Using a Wildcard Certificate in ISA Server 2004. Though focussed on ISA, it explains what needs to happen with respect to the request.
Can you please advise a line (and location in the script) where we can add an Alternative Name in the script? This is expected by Chrome now. Our current certs do not have this and so the script does not add it. Can you please advise? Thanks -ActionParsnip
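The two name-matching points raised in this thread (a wildcard for the .ilo.my.domain hosts, and Chrome expecting a Subject Alternative Name) can be checked against a host inventory before any certificate is rolled out. The following is an added example, not part of the original thread or of any script mentioned in it; the host labels are constructed, and requiring at least two labels after `*` is a simplifying assumption.

```python
# Added example: would a browser accept this certificate's names for a host?
# Matching uses SAN dNSName entries only; the CN is never used to match.

def wildcard_match(pattern: str, hostname: str) -> bool:
    """'*' is honoured only as the entire left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Assumption: require two fixed labels after '*' (rejects '*.domain').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # partial-label wildcards such as 'srv*' are not expanded


def browser_accepts(hostname, san_dns, common_name=None):
    """Return (ok, reason) for one host."""
    if not san_dns:
        if common_name and wildcard_match(common_name, hostname):
            return False, "CN matches but there is no SAN; Chrome rejects this"
        return False, "no SAN entries"
    for name in san_dns:
        if wildcard_match(name, hostname):
            return True, f"matched SAN {name}"
    return False, "no SAN entry covers this host"


def audit(hosts, san_dns, common_name=None):
    """Map each host to its (ok, reason) result."""
    return {h: browser_accepts(h, san_dns, common_name) for h in hosts}


# Constructed sample inventory; the host labels are hypothetical.
HOSTS = ["srv01.ilo.my.domain", "srv02.ilo.my.domain",
         "blade1.rack2.ilo.my.domain", "ilo.my.domain"]

if __name__ == "__main__":
    for title, san, cn in (("Wildcard in SAN", ["*.ilo.my.domain"], None),
                           ("Wildcard in CN only", [], "*.ilo.my.domain")):
        print(title)
        for host, (ok, why) in audit(HOSTS, san, cn).items():
            print(f"  {'OK  ' if ok else 'FAIL'} {host}: {why}")
```

Hosts that sit more than one label below ilo.my.domain, and the bare ilo.my.domain name itself, are reported as not covered by the wildcard and would need their own SAN entries.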