iRMC certificate resets itself


koga
Posts: 7
Joined: Sun May 10, 2020 21:03
Product(s): PRIMERGY RX2520 M4

iRMC certificate resets itself

Postby koga » Mon May 11, 2020 17:20

Please help, it drives me crazy!
I want to install a custom certificate to access the server's iRMC via https.

I generated an x509 RSA key and CSR,
signed the CSR with the CA.

When I upload the two files (crt and key) to the iRMC I get 3 green notifications: privkey ok, privkey ok, pubkey ok

Now an iRMC reload is needed. (If I don't reload it immediately I can see the data filled in correctly from the crt.)

But after I reboot the iRMC it generates a self cert again.
I tried importing the CA, checked the system clock, generated a new cert; nothing relevant in the log.

I have the latest iRMC fw: 2.49P
PRIMERGY RX2520 M4

Thanks

Ask Fujitsu
Moderator
Posts: 724
Joined: Fri Aug 02, 2019 10:02
Product(s): n/a

Re: iRMC certificate resets itself

Postby Ask Fujitsu » Wed May 13, 2020 9:22

Hello,

Please zip these 2 certificate files, and please generate and provide the PrimeCollect logs from the OS or from the ServerView Installation DVD for further investigation.

Direct download Link for ServerView Installation DVD
https://support.ts.fujitsu.com/IndexDow ... 540E3B39F5

Here you can find how to prepare that kind of report:
https://manuals.ts.fujitsu.com/IndexDow ... 6399120F28

Thank you for your cooperation. I'll be waiting for feedback from your side. :)

koga
Posts: 7
Joined: Sun May 10, 2020 21:03
Product(s): PRIMERGY RX2520 M4

Re: iRMC certificate resets itself

Postby koga » Fri May 15, 2020 3:57

Hello and thank you for your reply.

Can you please give me a brief step-by-step guide on what I am supposed to do to get this PrimeCollect log? At first glance it looks extremely complicated.

Do I need to boot the server with this ServerView?
Install this ServerView on Windows Server?
Can I install it on a virtual machine on the server itself?

Thank you!

UPDATE:
As I am reading the doc I think I can boot the server with the ISO directly.
And since it doesn't have an optical drive, I think I can make a bootable USB stick with Rufus.

Please correct me if I am wrong. Thanks.

How can I send you the data if I have them?

koga
Posts: 7
Joined: Sun May 10, 2020 21:03
Product(s): PRIMERGY RX2520 M4

Re: iRMC certificate resets itself

Postby koga » Fri May 15, 2020 7:05

OK, I can't believe it, but I have done it.

I gave it a last try and generated a new keypair on a different machine, signed it and even tested with an Apache server to ensure I am doing it right.

Uploaded to iRMC and I noticed something different: I got 4 green notifications instead of 3. (I was unable to read them, because they disappeared too quickly.)
And this time after reboot I have my own cert.

Unfortunately I lost the certs generated earlier, so I can't tell what was different this time.
Maybe this time I filled in the email record? Or something was wrong with the first machine where I generated the keys earlier? Can't tell.
But I tried it at least 20 times. If you are interested I may try to reproduce the wrong way :mrgreen:

koga
Posts: 7
Joined: Sun May 10, 2020 21:03
Product(s): PRIMERGY RX2520 M4

Re: iRMC certificate resets itself

Postby koga » Fri May 15, 2020 7:33

I found the "wrong" cert.

Tested with Apache. It's OK.
The only difference is that in the "wrong" one I defined the L and OU fields in the cert Subject.

The other thing I can think of is that the first time, after the fw upgrade, I didn't reboot the iRMC immediately but tried to install the certs as well, and this caused some problem which resolved itself after some time somehow :)

Ask Fujitsu
Moderator
Posts: 724
Joined: Fri Aug 02, 2019 10:02
Product(s): n/a

Re: iRMC certificate resets itself

Postby Ask Fujitsu » Tue May 19, 2020 12:09

Hello,

Most of the time the problem is with the certificates, wrongly created or filled in. I'm happy that it is now working OK.

koga
Posts: 7
Joined: Sun May 10, 2020 21:03
Product(s): PRIMERGY RX2520 M4

Re: iRMC certificate resets itself

Postby koga » Thu Mar 10, 2022 1:42

Here I am again :(
Now I have another two PRIMERGY M5 and I can't install the certificate.
Furthermore, I accidentally deleted the cert on the M4 and can't reinstall it.
I have no idea what happened 3 years ago, when I finally succeeded.
This looks very buggy.
Could you please send me a sample cert/key which should work?

koga
Posts: 7
Joined: Sun May 10, 2020 21:03
Product(s): PRIMERGY RX2520 M4

Re: iRMC certificate resets itself

Postby koga » Thu Mar 10, 2022 20:03

Finally found out.
Looks like nobody cares, but I may come back in a couple of years and will thank myself :)
Long story short:
REPLACE this:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
To this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Longer story:
I don't know enough about this topic. Looks like the PEM format which is required by the iRMC is not the same as the openssl default "PEM". Different PKCS version? I don't know.

openssl genrsa -out private_key.pem 2048
generates a key with "RSA PRIVATE KEY" markers. The right version.

But if you make it in one run:
openssl req -nodes -newkey rsa:2048 -keyout private_key.pem -out example.com.req

generates a key with "PRIVATE KEY" markers. The "wrong" version. Maybe I am missing a switch here.

The two forms should differ in content, but it looks like this "dirty hack" of changing the markers by adding "RSA" just works.

koga
Posts: 7
Joined: Sun May 10, 2020 21:03
Product(s): PRIMERGY RX2520 M4

Re: iRMC certificate resets itself

Postby koga » Thu Mar 10, 2022 20:41

OK, so with the req command openssl gives a PKCS#8 format key instead of PKCS#1.
So after
openssl req -nodes -newkey rsa:2048 -keyout private_key.pem -out example.com.req

The proper way to convert:
openssl rsa -in private_key.pem -out private_key_new.pem
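
Added example, not part of the thread or of any Fujitsu or OpenSSL code: a standard-library Python sketch of the structural difference between the two key formats named in the last posts. PKCS#8 wraps the PKCS#1 RSAPrivateKey in an outer structure, so a relabelled file still carries a PKCS#8 body, while unwrapping yields the PKCS#1 bytes. The sample key is a constructed toy (tiny integers, not usable) and all function names are this example's own.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode a short (<128 byte) DER element; only used to build the sample."""
    return bytes([tag, len(value)]) + value

def pem_decode(pem):
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    return m.group(1), base64.b64decode(m.group(2))

def pem_encode(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def der_kind(der):
    """Classify by DER content, ignoring whatever the PEM marker claims."""
    _, body, _ = read_tlv(der, 0)   # outer SEQUENCE
    _, _, pos = read_tlv(body, 0)   # version INTEGER
    return "pkcs8" if body[pos] == 0x30 else "pkcs1"  # SEQUENCE vs INTEGER

def to_pkcs1_pem(pem):
    """Return a PEM whose marker and body are both PKCS#1."""
    _, der = pem_decode(pem)
    if der_kind(der) == "pkcs8":
        _, body, _ = read_tlv(der, 0)
        _, _, pos = read_tlv(body, 0)        # skip version
        _, alg, pos = read_tlv(body, pos)    # AlgorithmIdentifier
        if read_tlv(alg, 0)[1] != RSA_OID:
            raise ValueError("PKCS#8 key is not RSA")
        _, der, _ = read_tlv(body, pos)      # OCTET STRING holding RSAPrivateKey
    return pem_encode("RSA PRIVATE KEY", der)

# Constructed sample: toy integers (n=33, e=3, d=7, ...) in the real structure.
SAMPLE_PKCS1 = tlv(0x30, b"".join(tlv(0x02, bytes([v])) for v in (0, 33, 3, 7, 3, 11, 1, 7, 2)))
SAMPLE_PKCS8_PEM = pem_encode("PRIVATE KEY", tlv(0x30, tlv(0x02, b"\x00")
    + tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) + tlv(0x04, SAMPLE_PKCS1)))
RELABELLED_PEM = SAMPLE_PKCS8_PEM.replace("PRIVATE KEY", "RSA PRIVATE KEY")
```

With OpenSSL 3.x, `openssl genrsa` and `openssl rsa` write PKCS#8 ("BEGIN PRIVATE KEY") by default; the `-traditional` option makes them write PKCS#1.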

