Configuring the iBMC SSL Certificate

Scenarios

Configure a Secure Sockets Layer (SSL) certificate for the iBMC.

SSL helps establish an encrypted link (accessed using HTTPS) between a web server and a browser to ensure secure data transmission. A web server requires an SSL certificate to create an SSL connection.

For security purposes, replace the original certificate and keys with a customized certificate and public and private key pairs.

Prerequisites

Conditions

The local client can communicate with the server iBMC.

Procedure

1. Log in to the iBMC WebUI. For details, see Getting Started > Login.
2. Perform one of the following operations based on the actual scenario:
   • If the client has an SSL certificate issued by an official authority, import the SSL certificate.
   • If the client has an SSL certificate manually generated by the user, import the SSL certificate and add a root certificate to the client browser.
   • To customize an SSL certificate and use a certificate issued by an official authority, customize certificate information, obtain an SSL certificate, and import the SSL certificate.
   • To customize an SSL certificate and use a certificate manually generated, customize certificate information, obtain an SSL certificate, import the SSL certificate, and add a root certificate to the client browser.

3. Customize certificate information.
   1. On the iBMC WebUI, choose Services > SSL Certificate.
   2. Click Customize.
   3. Under 1. Generate CSR, set certificate information.

      Certificate information includes country, state, city/location, organization name and unit, and common name.

   4. Click Generate.

      A certificate signing request (CSR) file is generated.

   5. Save the CSR file to the client.

4. Obtain an SSL certificate.

   You can obtain an SSL certificate using one of the following methods:

   • Apply for an SSL signature certificate from an official certificate authority. (recommended)
   • Use a certificate generation tool (such as OpenSSL) to generate an SSL signature certificate and root certificate.

     You can download the certificate generation tool and its manual from the Internet.

5. Import the SSL certificate.
   1. On the SSL Certificate page, click Customize.
   2. Import the SSL certificate.
      • To use an SSL certificate issued by a certificate authority, click Browse under 2. Import Server Certificate, select the SSL signature certificate to be used, and click Import.
      • To use an SSL certificate manually generated, click Browse under Import Custom Certificate (Optional), select the SSL signature certificate to be used, enter the password in Certificate Password, and click Import.

      After the certificate is imported, "Operation Successful" is displayed.

   3. Log in to the iBMC WebUI again.

6. Add a root certificate to the client browser.

   If the imported SSL certificate is not issued by an official authority, check whether the client browser has the root certificate after the SSL certificate is imported.

   The following uses Internet Explorer as an example to describe how to check and add a root certificate to the browser.

   1. Open Internet Explorer.
   2. On the toolbar, choose Tools > Internet Options.

      The Internet Options dialog box is displayed.

   3. On the Content tab page, click Certificate.

      The Certificate dialog box is displayed.

   4. On the Trusted Root Certificate Issuer tab page, check whether the SSL certificate issuer is listed.
      • If yes, go to Step 6.5.
      • If no, go to Step 6.6.
   5. Check whether the SSL certificate has expired.
      • If yes, go to Step 6.6.
      • If no, go to Step 6.7.
   6. On the Trusted Root Certificate Issuer tab page, click Import and import the root certificate as instructed.
   7. Open Internet Explorer again, and check whether the icon is displayed in the address bar.
      • If yes, no further action is required.
      • If no, contact technical support.