dehydrated-hpeilo

This is a dehydrated helper plugin for HPE iLO(Integrated Lights-Out).

To sign a CSR generated by HPE iLO and import a certificate signed by Let's Encrypt into it, do following things:

• Install hpeilo.sh to ${CONFIG_D} directory, and set CONFIG_D on /usr/local/etc/dehydrated/config.
• Set OPENSSL=hpeilo_openssl on /usr/local/etc/dehydrated/config or per-domain directory. In this time, my plugin doesn't work. Please read following.
  • If you use latest version, please apply my patch.
  • If you use v0.4.0 and/or before, please apply my patch.
• Add reading a helper plugin to hook.sh, and use it's functions.
• Set HPE iLO custom settings on per-domain directory like /usr/local/etc/dehydrated/certs/DOMAIN/hpeilo_config.

NOTE: I tested only dns-01 challenge type, so I don't know what will happen with http-01 challenge type.

hook.sh

  :
. path/to/hpeilo.sh
  :
function deploy_cert {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"

    case "${OPENSSL}" in
      "hpeilo_openssl")
        hpeilo_ImportCertificate "${DOMAIN}" "${CERTFILE}" "${CHAINFILE}"
        ;;
      *)
        echo " ! No deploy certificate."
        ;;
    esac
}
  :

hpeilo_config in per-domain directory

Put following file in /usr/local/etc/dehydrated/certs/DOMAIN/hpeilo_config.

HPEILO_AUTHKEY="IDandPasswordEncodedByBase64"
HPEILO_C="JP"
HPEILO_ST="Tokyo"
HPEILO_L="Chiyoda"
HPEILO_O="Example Japan"
HPEILO_OU="System Department"

To get HPEILO_AUTHKEY's value, run echo -n iLO-ID:iLO-PASSWORD | openssl base64 -e. And do chmod 0600 hpeilo_config.

Example

dehydrated -c -d ilojptXXXXXXX.example.jp

Tested and Supported iLOs

• iLO2/iLO3 not supported.
• iLO4 2.53 and/or after.
  • 2.50 and/or before: SANs have a extra IP: address, so miss signing a CSR by dehydrated(and Let's Encrypt).
  • 2.53: cannot import a intermidiate certificate. So I reported this issue to HPE iLO development team.
  • 2.54: cannot import a intermidiate certificate.
• iLO5 not confirmed(maybe 1.10 and/or after).

Tested environments

I confirmed follwoing environments.

• HP ProLiant ML350p Gen8
• HP ProLiant DL320e Gen8 v2
• HP ProLiant DL360e Gen8
• HP ProLiant DL360p Gen8
• HPE ProLiant DL160 Gen9
• HPE ProLiant DL180 Gen9
• HPE ProLiant DL360 Gen9

SEE ALSO

• HPE Integrated Lights Out (Japanese)
• Drivers & Software for HPE Integrated Lights-Out 4 - HPE Support Center
• Drivers & Software for HPE Integrated Lights-Out 5 - HPE Support Center
• Latest HP ILO firmwares (HPE unofficial)
• iLO4 API Reference
  • POST Action “GenerateCSR”
  • CertificateSigningRequest
  • POST Action “ImportCertificate”
• iLO5 API Reference
  • POST Action “HpeHttpsCert.GenerateCSR”
  • CertificateSigningRequest
  • POST Action “HpeHttpsCert.ImportCertificate”

Sponsored

Entermotion Inc. (Japanese only)