Automating IPMI 2.0 management Let's Encrypt certificate update

Thursday, July 12. 2018

Today, I'm combining to previous post into a new one. I've written earlier about going fully Let's Encrypt and the problems I have with them. Now that I'm using them, and those certs have ridiculously short life-span, I need to keep automating all possible updates. That would include the IPMI 2.0 interface on my Supermicro SuperServer.

Since Aten, the manufacturer of the IPMI-chip chose not to make the upload of a new certificate automateable (is that a word?), I had to improvise something. I chose to emulate web browser in a simple Python-script doing first the user login via HTTP-interface, and then upload the new X.509 certificate and the appropriate private key for it. Finally the IPMI BMC will be rebooted. Now its automated!

So, the resulting script is at https://gist.github.com/HQJaTu/963db9af49d789d074ab63f52061a951. Go get it!

by Jari Turkia in Hardware, Security at 20:32 | Comments (2) | Share in LinkedIn

Comments
Display comments as (Linear | Threaded)

Pekka Kajander on :

Looks like Supermicro broke this again on IPMI 3.88 (for X10SDV). Any idea how to repair?
Comment (1)

Ronal Mikkon on :

Can confirm it is not working. Somehow the login changed.
Comment (1)

Add Comment
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

Submitted comments will be subject to moderation before being displayed.

Calendar

Mon Tue Wed Thu Fri Sat Sun
Back July '25
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

Quicksearch

Archives

Categories

RSS feeds of this Blog

Blog Administration

Open login screen

Powered by

Parts of this serendipity template are by Abdussamad Abdurrazzaq and Jari Turkia. License