SSH

For a period of days I am working on replacing self-signed certificates in my environment and I found one issue with my enclosure. My certificate authority supports only 2048 Bits Certificate Signing Requests and in my case enclosure had 1024 Bits certificate. I found solution how to quickly fix problem and replace self-signed certificate.

Hardware details:

HP c7000 enclosure

Onboard Administrator: 4.30

How to generate new self-signed certificate in HP c7000 enclosure - certificate info

How to generate 2048 Bits certificate

Procedure itself is really simple. According to HP documentation http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03659074 if you reset Onboard Administrator then new key will be generated.

HP info

To switch from 1024-bit to 2048-bit keys you needed to first reset the OA configuration to factory defaults which would cause the generation of new keys.

Certificate generation

Starting from Onboard Administrator version 3.56 you can do it easier.

How to generate new self-signed certificate in HP c7000 enclosure - certificate info - 2

Simply login to Onboard Administrator using SSH and execute this command

1

generate key all 2048

You will be asked if you want to regenerate private keys. Answer yes and Onboard Administrator will be restarted.

How to generate new self-signed certificate in HP c7000 enclosure - confirm

After restart you will have new fresh 2048 Bits certificate.

How to generate new self-signed certificate in HP c7000 enclosure - new 2048 Bits key

Repeat same step for second Onboard Administrator.