System information

Replacing the Self-Signed Certificate With an SSL Certificate for HTTPS

74 AlterPath OnBoard Administrator’s Guide

8. Save and quit the file.

9. Assign the new custom type to the appropriate service processors.

For example, if you have created a talk_custom1.exp for iLO

service processors, configure the iLO service processors as custom1 type.

If you are substituting bidilink, you are done.

10. If you are substituting ssh, set up host keys for every service processor

configured to use ssh by doing the following steps.

a. Use ssh to connect to the service processor as an administrator.

A dialog similar to the following appears.

b. If the fingerprint matches that of the Service Processor, answer yes.

c. Enter the password when prompted.

Replacing the Self-Signed Certificate With an

SSL Certificate for HTTPS

As described in “HTTPS on the OnBoard” on page 24, an OnBoard

administrator should replace the automatically-generated self signed

certificate with an SSL certificate from an official certificate authority. The

root user can follow the instructions the following procedure to generate a

certificate signing request and to install the public key and the certificate in

the Apache web server on the OnBoard after obtaining the certificate from the

CA.

See http://pki-page.org for a list of certification authorities, if

needed.

[root@OnBoard onboard]# ssh -t administrator_name@OnBoard_DNS_name_or_IP_addr

The authenticity of host 'SP (127.0.0.1)' can't be

established.

RSA key fingerprint is

5e:35:3d:0b:e8:3d:07:13:45:45:ad:6a:6f:2c:4c:aa.

Are you sure you want to continue connecting (yes/no)?