Go to main content

Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

Updated: May 2019
 
 

Upload a Custom SSL Certificate and Private Key to Oracle ILOM

Before You Begin

  • Admin (a) role is required to modify the web server properties in Oracle ILOM.

  • Obtain the new (temporary self-signed or certificate authority-signed) HTTPS certitude and private key. For instructions using the OpenSSL toolkit, see Obtain a Custom SSL Certificate and Private Key Using OpenSSLToolkit.

  • Ensure that you can access the new HTTPS certificate and private key through your network or local file system.

  • When uploading a certicate chain for SSL, ensure that the certificates within the certificate chain are listed in the correct order. For more details, see Certificate Chain Order.

  1. Navigate to the SSL Certificate page in the Oracle ILOM web interface.

    For instance, in the:

    • 3.0.x web interface, click Configuration -> System Management Access -> SSL Certificate.
    • 3.1 and later web interface, click ILOM Administration -> Management Access -> SSL Certificate.
  2. In the SSL server page, perform the following;
    1. Click the Load Certificate button to upload the Custom Certificate file that is designated in the File Transfer Method properties.
    2. Click the Load Custom Private Key button to upload the Custom Private Key file that is designated in the File Transfer Method properties.
    3. Click Save to apply the changes.
  3. If a Certification Auhority (CA) SSL Certificate and private key were uploaded to Oracle ILOM, verify that the Java client is properly configured to validate the custom CA SSL certificate that is currently configured in Oracle ILOM. For instructions, see the following procedure Validate Custom CA SSL Certificate Configuration in Java Client.

Related Information

  • SSL Certificate and Private Key Configuration Properties, Oracle ILOM Administrator's Guide for Configuration and Maintenance (Firmware 3.2.x)

  • SSL Certificate and Private Key Configuration Properties, Oracle ILOM 3.1 Configuration and Maintenance Guide

  • Upload SSL Certificate, Oracle ILOM 3.0 Daily Management - CLI Procedures Guide

  • Upload SSL Certificate, Oracle ILOM 3.0 Daily Management - Web Procedures Guide

Certificate Chain Order

An SSL Certificate Chain links your intermediate certificate(s) to the trusted root certificate. When using a certificate chain, the SSL certificates in the chain must be listed in the following order:

  1. ilom.cer

  2. intermediate.cer(s)

  3. root.trusted_CA.cer

Example: Create Certificate Chain

cat ilom.cer intermediate.cer root_trusted_CA.cer > cer-chain.cer

where:

  • cat represents the Symantec command used in this example to create a certificate chain file (cer-chain.cer).

  • ilom.cer is the sender's certificate, which must come first in list.

  • any intermediate.cer that follows must directly certify the proceeding certificate.

  • root_trusted_CA.cer represents the root certificate issued by the Certificate Authority.