HP iLO Wildcard SSL using MS Certificate Services?
At the request of a higher-up, I need to deploy an SSL certificate(s) signed by our Active Directory CA to over 100 lights-out interfaces. Given all these devices have been given a hostname .ilo.my.domain, a wildcard certificate seems to be the way to go.
I've not been able to find any useful instructions on how to do this - Googling just gets me 100s of results for various SSL Resellers.
Does anyone have any experience with MS Cert Services & wildcard SSL certificates that they can point me in the right direction with?
Cheers
Solution 1:
It's possible to use the iLO scripting interfaces to get the certificate request and import the reply. That would be using CPQLOCFG or HPONCFG for the iLO I/O.
If you're a programming sort, there's a Perl version of cpqlocfg that could be used to fetch the request, programmatically submit it to the Microsoft CA, fetch the reply, and update iLO.
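The fetch, submit and import loop from Solution 1, as an added example that is not part of the original answers and is not HP's or Microsoft's code. It assumes `cpqlocfg` and `certreq` are on the PATH of a Windows admin workstation and that the CA publishes a `WebServer` template; the function names, file names and sample log are constructed for illustration.

```python
import re
import subprocess
from pathlib import Path

CSR_RE = re.compile(r"-----BEGIN CERTIFICATE REQUEST-----.*?"
                    r"-----END CERTIFICATE REQUEST-----", re.DOTALL)
# RIBCL request for the CSR; LOGIN values are dummies that CPQLOCFG's -u/-p override.
GET_CSR = """<RIBCL VERSION="2.0"><LOGIN USER_LOGIN="x" PASSWORD="x">
<RIB_INFO MODE="write"><CERTIFICATE_SIGNING_REQUEST/></RIB_INFO>
</LOGIN></RIBCL>
"""
# Constructed sample of CPQLOCFG log output (body shortened, not a real CSR).
SAMPLE_LOG = ("<RIBCL VERSION=\"2.22\">\r\n<CERTIFICATE_SIGNING_REQUEST>\r\n"
              "-----BEGIN CERTIFICATE REQUEST-----\r\nMIIBconstructed\r\n"
              "-----END CERTIFICATE REQUEST-----\r\n"
              "</CERTIFICATE_SIGNING_REQUEST>\r\n</RIBCL>")

def extract_csr(ribcl_output):
    """Pull the PEM request out of the iLO response; fail loudly if iLO sent
    only a status message (for example while it is still generating the key)."""
    m = CSR_RE.search(ribcl_output)
    if m is None:
        raise ValueError("no CSR in iLO response")
    return m.group(0).replace("\r\n", "\n") + "\n"

def build_import_script(cert_pem):
    """Wrap the CA's reply in an IMPORT_CERTIFICATE RIBCL script."""
    if "-----BEGIN CERTIFICATE-----" not in cert_pem:
        raise ValueError("CA reply is not a PEM certificate")
    body = "<IMPORT_CERTIFICATE>\n" + cert_pem.strip() + "\n</IMPORT_CERTIFICATE>"
    return GET_CSR.replace("<CERTIFICATE_SIGNING_REQUEST/>", body)

def enroll(host, user, password, ca_config, template="WebServer"):
    """One iLO: fetch CSR, submit to the Microsoft CA, import the reply.
    ca_config is 'CAhost\\CAname'; the template name is an assumption."""
    def cpqlocfg(script, log):
        Path("ilo.xml").write_text(script)
        subprocess.run(["cpqlocfg", "-s", host, "-f", "ilo.xml", "-l", log,
                        "-u", user, "-p", password], check=True)
        return Path(log).read_text()
    req, cer = f"{host}.req", f"{host}.cer"
    Path(req).write_text(extract_csr(cpqlocfg(GET_CSR, f"{host}-csr.log")))
    Path(cer).unlink(missing_ok=True)  # avoid a stale reply from an earlier run
    subprocess.run(["certreq", "-submit", "-config", ca_config, "-attrib",
                    f"CertificateTemplate:{template}", req, cer], check=True)
    cpqlocfg(build_import_script(Path(cer).read_text()), f"{host}-import.log")

if __name__ == "__main__":
    print(extract_csr(SAMPLE_LOG))
```

Because `-p` puts the iLO password on the command line, run this from a trusted admin workstation and read the credential from a prompt or vault rather than hard-coding it.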
Solution 2:
The real problem you have is that you need to get the HP iLO to issue a wildcard certificate request in the first place. From my quick searching of the HP IT Resource Center, this doesn't appear possible.
What I did find, however, was a great post at The Lazy Admin, "Using Certificates with Compaq/HP RILOE and ILO Hardware", which walks you step-by-step through the process of requesting an HP iLO cert against a MS Certificate Authority.
With respect to SSL wildcards in general, have a read of "Publishing Multiple Web Sites Using a Wildcard Certificate in ISA Server 2004". Though focussed on ISA, it explains what needs to happen with respect to the request.