MPX/SDX 5900/8900 LOM Inaccessible after installation of an SSL Certificate
Article ID: CTX238443
Description
- A new certificate and private key are installed on the LOM of a 5900/8900 hardware platform NetScaler.
- The private key is encrypted/password protected.
- The LOM does not prompt for the password to the private key.
- After the LOM reboots, the LOM GUI is no longer accessible via HTTP or HTTPS.
Resolution
The LOM firmware on the 5900/8900 series NetScaler hardware does not currently support password-encrypted private keys.
To recover access to the LOM (from the FreeBSD shell of the NetScaler or SVM):
(Note the LAN settings if you need to re-use them later.)
- ipmitool raw 0x30 0x68 0x0 0x0
- ipmitool raw 0x30 0x40
- (wait 60 seconds)
- ipmitool mc reset cold
- (wait 60 seconds)
- ipmitool lan print
(If the IP address still shows 0.0.0.0, wait a little longer and try lan print again.)
(The IP address should reset back to 192.168.1.3.)
- Re-initialize LAN settings as appropriate:
ipmitool lan set 1 ipaddr x.x.x.x
ipmitool lan set 1 netmask x.x.x.x
ipmitool lan set 1 defgw ipaddr x.x.x.x
To install the certificate once LOM GUI access is restored:
Use the following openssl command (available from the NetScaler's FreeBSD shell, or openssl can be installed on a Windows PC):
openssl rsa -in {encryptedKeyFile.PEM} >{decryptedKeyFile.PEM}
The above command will prompt for the private key password and then decrypt the private key. You may then install the decrypted private key and certificate on the LOM successfully.
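An added example, not part of the original article or of any vendor tooling: a POSIX shell pre-upload check that refuses a password-protected PEM key and confirms the decrypted key matches the certificate. The function names and file arguments are hypothetical, and an RSA key is assumed, as in the openssl rsa command above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): checks to run before
# uploading a key/certificate pair to the LOM.

# Return 0 if the PEM key is password-protected.
# Traditional format carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses
# the "-----BEGIN ENCRYPTED PRIVATE KEY-----" header.
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Return 0 if the RSA key ($1) and certificate ($2) share one modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Decrypt $1 to $2 (prompts for the passphrase). The subshell umask
# makes the plaintext key readable by its owner only.
decrypt_key() {
    ( umask 077 && openssl rsa -in "$1" -out "$2" )
}

# Return 0 only if KEY ($1) is safe to upload together with CERT ($2).
#   2 = key is still password-protected
#   3 = key is unreadable or does not match the certificate
lom_preflight() {
    if key_is_encrypted "$1"; then
        echo "REFUSE: $1 is password-protected; decrypt it first" >&2
        return 2
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "REFUSE: $1 does not match $2" >&2
        return 3
    fi
    echo "OK: $1 is unencrypted and matches $2"
}

# Usage (placeholder file names):
#   decrypt_key encrypted.pem decrypted.pem
#   lom_preflight decrypted.pem cert.pem
```

The decrypted file is an unprotected private key, so remove it from the workstation once it has been installed on the LOM.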
Problem Cause
The LOM firmware on the 5900/8900 series NetScaler hardware does not currently support password-encrypted private keys.
Issue/Introduction
After installing an SSL certificate that uses an encrypted private key, the LOM GUI of an MPX or SDX 5900 or 8900 becomes inaccessible.