For a period of days I am working on replacing self-signed certificates in my environment and I found one issue with my enclosure. My certificate authority supports only 2048 Bits Certificate Signing Requests and in my case enclosure had 1024 Bits certificate. I found solution how to quickly fix problem and replace self-signed certificate.
Hardware details:
HP c7000 enclosure
Onboard Administrator: 4.30
How to generate 2048 Bits certificate
Procedure itself is really simple. According to HP documentation http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03659074 if you reset Onboard Administrator then new key will be generated.
HP info
To switch from 1024-bit to 2048-bit keys you needed to first reset the OA configuration to factory defaults which would cause the generation of new keys.
Certificate generation
Starting from Onboard Administrator version 3.56 you can do it easier.
Simply login to Onboard Administrator using SSH and execute this command
|
|
You will be asked if you want to regenerate private keys. Answer yes and Onboard Administrator will be restarted.
After restart you will have new fresh 2048 Bits certificate.
Repeat same step for second Onboard Administrator.