I'm trying to sort out the ssl certificate errors that we get when trying to manage our HP c7000 blade enclosures. To that end I have created a signing certificate and imported it into the browser. In Onboard Administrator I created a certificate signing request, which I signed with my CA and then uploaded the certificate. This worked perfectly, and I no longer get any SSL errors when connection to Onboard Administrator.
The problem comes when trying to connect through Onboard Administrator to the iLo on the blades themselves. Done by clicking on the "Web Administration" link. Onboard Administrator links to the blade with it's IP address rather than host name. But the certificate signing request that iLo creates uses the host name. Even when this certificate is signed the browser still complains it is for the wrong domain.
I either need to be able to get Onboard Administrator to connect to the blades using host name rather than IP address, or get a certificate signing request which contains the IP address as the CN rather than the host name. It doesn't particularly matter which. Does anybody know how to configure this?
Best Answer
You can add subjectAltName values while signing. If a certificate contains a subjectAltName extension a browser uses the names found there rather than the common name. The subjectAltName can contain DNS names or IP addresses.