cmh
Explorer
- Joined
- Jan 7, 2013
- Messages
- 75
I've got a TrueNAS Mini X+ and am getting it set up, and I can't get the SSL cert to update. I can upload the certificate and the key, and that's fine, and it says it's uploaded, but when I reset, the certificate has reverted to the default that ships with the IPMI - that has also expired in 2020.
To be clear, the IPMI is only on my local network, so the argument could be made to just disable the SSL to the http interface, which is what I had to do with my previous FreeNAS Mini - the https was too old for modern browsers to connect to it, but with this new one, it should be good, and I've got a valid letsencrypt cert that I could install if the installation actually worked.
I contacted iXsystems and they said my system doesn't have software support, and I made the argument that the OS is completely unrelated to the IPMI, and the IPMI configuration is hardware, but that didn't get me any help there, so I'm in this sorta grey area in between. Have searched online but IPMI is a thing that's been around for a long time and there's a whole bunch of useless information out there. Hoping maybe someone has some experience they can share.
So I login to the IPMI interface, dismiss the "OMG your connection is insecure", login, go to Configuration -> SSL Certification (sic) and upload my cert and private key. Click OK, confirm I want to overwrite the existing cert, and then get a message indicating success. While that's displaying, I see the valid start and end date for my current cert, so it has definitely worked, but when I click OK to restart - or cancel and manually retstart - when the UI loads again it's reverted.
I think this might be possible with ipmitool, but I'm not sure how, and it looks like there have been many variations on that tool over the years. Manpage is no help, although I admit I haven't read the entire thing, just looked for key stuff like "cert", "ssl", https, etc.
To be clear, the IPMI is only on my local network, so the argument could be made to just disable the SSL to the http interface, which is what I had to do with my previous FreeNAS Mini - the https was too old for modern browsers to connect to it, but with this new one, it should be good, and I've got a valid letsencrypt cert that I could install if the installation actually worked.
I contacted iXsystems and they said my system doesn't have software support, and I made the argument that the OS is completely unrelated to the IPMI, and the IPMI configuration is hardware, but that didn't get me any help there, so I'm in this sorta grey area in between. Have searched online but IPMI is a thing that's been around for a long time and there's a whole bunch of useless information out there. Hoping maybe someone has some experience they can share.
So I login to the IPMI interface, dismiss the "OMG your connection is insecure", login, go to Configuration -> SSL Certification (sic) and upload my cert and private key. Click OK, confirm I want to overwrite the existing cert, and then get a message indicating success. While that's displaying, I see the valid start and end date for my current cert, so it has definitely worked, but when I click OK to restart - or cancel and manually retstart - when the UI loads again it's reverted.
I think this might be possible with ipmitool, but I'm not sure how, and it looks like there have been many variations on that tool over the years. Manpage is no help, although I admit I haven't read the entire thing, just looked for key stuff like "cert", "ssl", https, etc.