How to replace Supermicro IPMI SSL and TLS Certificate

I decided to replace the SSL and TLS certificates on my Supermicro IPMI (Intelligent Provisioning Management Interface).

Warning: The server will restart after the certificate update.

There are many ways to create certificates. Here are two options: one for Linux and one for Windows. Let's start with Linux.

To create a certificate you need OpenSSL on your Linux installation. It's included in almost all distributions. To check the version of OpenSSL, use this command:

#openssl version
OpenSSL 1.0.2g  1 Mar 2016

I suggest using at least a 2048-bit certificate.

First we create a private 2048-bit RSA key. The filename can be anything you wish; in this example I will store the private RSA key in pvt.pem.

#openssl genrsa -out pvt.pem 2048

or you can use the genpkey option

#openssl genpkey -algorithm RSA -out pvt.pem -pkeyopt rsa_keygen_bits:2048

Using this private RSA key, I create a Certificate Request

#openssl req -new -key pvt.pem -out crt.pem

Then I use my private RSA key to sign the Certificate and make it valid for 1 year (365 days).

#openssl x509 -req -days 365 -in crt.pem -signkey pvt.pem -out crt.pem 
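
Because the steps above write first the Certificate Request and then the signed Certificate to the same file, crt.pem, it is worth confirming before the upload that crt.pem really is a certificate and that it belongs to pvt.pem. The script below is an added example, not part of the original post; its function names and return codes are its own.

```sh
#!/bin/sh
# Added example, not from the original post. Names and return codes are this example's own.

# SHA-256 digest of the public key inside a certificate.
cert_pub_digest() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256
}

# SHA-256 digest of the public key derived from a private key.
key_pub_digest() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256
}

# check_ipmi_pair CERT KEY [MIN_BITS]   (MIN_BITS defaults to 2048)
# Returns 0 when the pair is fit to upload, otherwise:
#   1 CERT is not an X.509 certificate (for example, it is still the CSR)
#   2 KEY is not a readable private key
#   3 CERT and KEY do not belong together
#   4 the key is shorter than MIN_BITS
#   5 the certificate has already expired
check_ipmi_pair() {
    cert=$1; key=$2; min_bits=${3:-2048}

    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "$cert: not a certificate (is it still the CSR?)" >&2; return 1
    fi
    if ! openssl pkey -in "$key" -noout 2>/dev/null; then
        echo "$key: not a readable private key" >&2; return 2
    fi
    if [ "$(cert_pub_digest "$cert")" != "$(key_pub_digest "$key")" ]; then
        echo "$cert was not issued for $key" >&2; return 3
    fi
    bits=$(openssl x509 -in "$cert" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "key is ${bits:-unknown} bits, want at least $min_bits" >&2; return 4
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "$cert has expired" >&2; return 5
    fi
    echo "OK: $cert matches $key ($bits-bit key, not expired)"
}

# Run the check when called with arguments, e.g.: sh check_pair.sh crt.pem pvt.pem
[ "$#" -lt 2 ] || check_ipmi_pair "$@"
```

Saved under a name of your choice and run with crt.pem and pvt.pem as arguments, it prints an OK line only when the pair can be uploaded together.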


For Windows you can use similar OpenSSL commands, but with Windows syntax.

C:\OpenSSL\bin>openssl.exe genrsa 2048 > ipmi.key
Generating RSA private key, 2048 bit long modulus
............+++
.....+++
e is 65537 (0x010001)

C:\OpenSSL\bin>openssl.exe req -new -key ipmi.key -out ipmi.crt


C:\OpenSSL\bin>openssl.exe x509 -req -days 365 -in ipmi.crt -signkey ipmi.key -out ipmi.crt


Next, open IPMI in your favorite browser. Select Configuration -> SSL Certification in the menu.



The system requires that we provide the new SSL Certificate and the Private Key. My new SSL Certificate is in file crt.pem. My new Private Key is in file pvt.pem.

Click Upload

The server will issue a warning that the certificate will be replaced, and after you click the OK button, the server will reboot with the new certificate.


Enjoy!

