In HPE Integrated Lights-Out 5 (iLO 5) firmware earlier than 3.07 or iLO 6 firmware earlier than v1.62, importing an SSL certificate using the "Import an SSL Certificate and Private Key" option under the SSL Certificate tab may not function, and iLO may exit back to the self-signed certificate. When this occurs, it exits without any error message.

This occurs due to the following two certificate limits:

- 20KB for the entire certificate chain with multiple certificates.
- The last child certificate is used in the certificate chain, indicated as CA-Sub2 in the image below. This certificate is the one that is issued to the server and has a limit of 3KB.

CA Certificate Chain
Figure 1: "Certificate Issue by CA-Sub2" is installed on a server, etc.:

- Root CA signs certificate of CA-Sub1
- CA-Sub1 signs certificate of CA-Sub2
- CA-Sub2 signs final certificate issued to client
Any HPE system with iLO 5 firmware earlier than 3.07 or iLO 6 earlier than firmware v1.62.
In iLO 5 firmware v3.07 (or later) and iLO 6 firmware v1.62 (or later), iLO security logs will contain the following message when this occurs:

iLO certificate could not be imported since the input certificate is empty or has exceeded the maximum size

iLO has an internal limit of 3KB on the size of each certificate in the certificate chain. This can translate to any field as long as the size of the binary certificate in .DER format remains within the 3072 bytes (3KB) limit. Even though the uploaded certificate is in PEM format, iLO converts it into a compressed binary format file as it is more space efficient, and the size of this converted binary file is where the restriction applies.

To confirm that the certificate is within these internal size limits, use the following openssl command to convert the PEM certificate to DER (binary) format before checking the size. Be sure to convert each certificate and not the entire chain, as the chain has a larger limit of 20KB.

    openssl x509 -outform der -in <certificate file name with single certificate>.pem -out <certificate file name>.der
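
As an added example (not HPE's code and not part of the original advisory), the Python script below applies the size check described above to a whole PEM bundle at once: it base64-decodes each certificate block to its DER bytes, the same bytes the openssl command writes out, and compares each certificate against 3072 bytes and the total against 20KB. Reading the 20KB chain limit as 20480 bytes of summed DER is an assumption, and the sample input is constructed filler, not real certificates.

```python
import base64
import re

PER_CERT_LIMIT = 3072      # bytes of DER per certificate (3KB, from the advisory)
CHAIN_LIMIT = 20 * 1024    # assumption: 20KB read as 20480 bytes of DER in total

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_sizes(pem_text):
    """Return the DER size in bytes of each certificate in a PEM bundle."""
    sizes = []
    for body in PEM_BLOCK.findall(pem_text):
        # The PEM body is base64 of the DER encoding; decode and measure it.
        der = base64.b64decode("".join(body.split()), validate=True)
        sizes.append(len(der))
    return sizes


def check_chain(pem_text):
    """Return a list of problems; an empty list means sizes are within limits."""
    sizes = der_sizes(pem_text)
    if not sizes:
        return ["no certificate found (empty input)"]
    problems = [
        f"certificate #{i} is {n} bytes DER, over {PER_CERT_LIMIT}"
        for i, n in enumerate(sizes, 1) if n > PER_CERT_LIMIT
    ]
    if sum(sizes) > CHAIN_LIMIT:
        problems.append(f"chain is {sum(sizes)} bytes DER, over {CHAIN_LIMIT}")
    return problems


def fake_pem(n_bytes):
    """Constructed sample: n_bytes of filler wrapped as PEM, not a real cert."""
    b64 = base64.b64encode(b"\x30" * n_bytes).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----", ""])


if __name__ == "__main__":
    # Constructed three-certificate bundle; the second block is oversized.
    bundle = fake_pem(1500) + fake_pem(3100) + fake_pem(1200)
    for line in check_chain(bundle) or ["sizes within limits"]:
        print(line)
```

To check a real bundle, pass the contents of the PEM file to check_chain() instead of the constructed sample.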
Operating Systems Affected: Not Applicable