1

We have several ILOs that need signing for HP Systems Insight Manager to work properly. (Single Sign On between the several ILOs)

I tried submitting a certificate without creating any template but failed due to a nonexistent template for this certificate submission. I am not sure how to create a template that will accept HP certificates or if I am doing something completely wrong?

We are using Windows Server Certification-Authority.

Blufftl
  • 87
  • 1
  • 8

1 Answers1

2

HP iLO requires certificate with Server and Client Authentication EKUs. I would suggest to do the following:

  1. Open Certificate Templates MMC snap-in and duplicate default Web Server template.
  2. Switch to Extensions tab, select Application Policies extension and add Client Autentication EKU. Save changes. Remember template's common name (it is autogenerated based on display name you type).
  3. Add new template to CA for issuance.

When submitting request, use command-line tool as follows:

certreq -submit -attrib "CertificateTemplate:TemplateCommonName"

Replace TemplateCommonName with actual template's name.

Crypt32
  • 6,414
  • 1
  • 13
  • 32
  • thank you for your answer! I followed your steps and got denied by policy module "0x80094800". I looked up the error and some said this was due to missing "authenticated users" in security tab in the template itself, this was not my problem. I am starting to think that I have to issue the certificate on the AD for it to be permitted? – Blufftl Apr 25 '17 at 13:04
  • Error code says that you didn't add the template to CA server for issuance or mistyped template name in certreq call. – Crypt32 Apr 25 '17 at 20:30