Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage; and Intel® Xeon® Processors
Announcements
Welcome to the Intel Community. If you get an answer you like, please mark it as an Accepted Solution to help others. Thank you!
4299 Discussions

How to reset/regenerate modular server SSL certificate?

idata
Community Manager
909 Views

Our modular server's (MFSYS25V2) SSL certificate was autogenerated, but I don't really know what exactly triggered it ... so I don't know how to trigger it again.

The problem is that the certificate is self-signed and the certificate subject contains the IP address of the modular server's management interface.

During the configuration we've assigned a hostname to the management interface and we access it using this hostname ever since.

Both Internet Explorer and Google Chrome issue warnings if we access the management interface via the hostname. Importing the SSL certificate into IE's certificate store doesn't help, because the certificate was issued to the IP address of the server and not the hostname.

Moreover the auto-generated certitificate is valid only for one year. It was generated on 10/30/2012 and will expire on 10/30/2013. What will happen to the certificate, when it expires? Is it going to be regenerated?

Is there a way to make the modular server (re)generate this certificate for it's hostname?

P.S.: I've seen that there was a question about modular server's SSL certificate before (in 2009). But that question was about applying custom/trusted SSL certificates to the management interface.

0 Kudos
1 Reply
Daniel_O_Intel
Employee
70 Views

I just tested this in my lab. I changed the name, and the certificate was the same. I set the time zone correctly (I had the default one at first), there was a new security exception, and I accepted the certificate. I checked the details, and it was issued today.

So the answer is; the modular server will generate a new certificate once a year, or when the timezone changes.

If you changed just the name, and a new certificate was not generated, try going in and changing the time (forward or backward by a minute, to be non-disruptive), and let us know if a new certificate is generated, and can be added as an exception in the browser.

Reply