User's Manual

5. After a few minutes (up to 10), click Generate CSR again, or select Actions→View CSR on the

SSL Certificate page.

The CSR is displayed.

The CSR contains a public and private key pair that validates communications between the

client browser and iLO CM firmware. Key sizes up to 2,048 bits are supported. The generated

CSR is held in memory until a new CSR is generated, the iLO CM firmware is reset to the

factory default settings, or a certificate is imported.

6. Do one of the following:

• Click Save to save the CSR text to a file.

• Select and copy the CSR text.

7. Open a browser window and navigate to a third-party CA.

8. Follow the onscreen instructions and submit the CSR to the CA.

When you submit the CSR to the CA, your environment might require the specification of

Subject Alternative Names. This information is typically included in the Additional Attributes

box. If required, enter the Moonshot 1500 CM module DNS short name and IP address in

the Additional Attributes box by using the following syntax:

san:dns=10.10.20.95&dns=server1.ilo.example.com.

The CA generates a certificate in PKCS #10 format.

9. After you obtain the certificate, make sure that:

• The CN matches the Moonshot 1500 CM module FQDN.

This is listed on the Network Configuration page.

• The certificate is a Base64-encoded X.509 certificate.

• The first and last lines are included in the certificate.

10. Return to the SSL Certificate page in the iLO CM Firmware web interface.

11. Import the certificate.

For instructions, see “Importing a trusted SSL certificate” (page 46).

Importing a trusted SSL certificate

Use the following procedure to import a trusted SSL certificate.

1. Obtain a certificate from a CA.

For instructions, see “Obtaining a trusted SSL certificate” (page 44).

2. Verify that the certificate meets the following requirements:

• The certificate is in PKCS #10 format.

• The CN matches the Moonshot 1500 CM module FQDN.

This is listed on the Network Configuration page.

• The certificate is a Base64-encoded X.509 certificate.

• The certificate meets the file size requirements.

The iLO CM firmware supports DER-encoded SSL certificates that are up to 3 KB in size

(including the 609 or 1,187 bytes used by the private key, for 1,024-bit and 2,048-bit

certificates, respectively).

• The first and last lines are included in the certificate.

3. Select Security from the main menu.

4. Select Actions→Import Certificate.

The Import SSL Certificate page appears.

46 Configuring Moonshot System