HMC - BMC certificate with SAN

By kimot, 13 March, 2024

Disclaimer : this setup was tested on HMC 7063-CR2

If you want to use a certificate with multiple SAN arrays on BMC, then the CSR web form will not make you very happy

But you don't have to hang your head and you can create a CSR using DCM.

Then have the resulting CSR signed by your CA (in this case we are using OpenSSL method)

Then import signed certificate back into DCM where CSR was created and export signed certificate in *.p12 format

With the help of OpenSSL, you can extract both the certificate and the private key in PEM format from the *.p12 certificate.
openssl pkcs12 -in bmcx01.p12 -out bmcx01.crt.pem -clcerts -nokeys
openssl pkcs12 -in bmcx01.p12 -out bmcx01.key.pem -nocerts -nodes

Finally, combine the key and the certificate into one resulting PEM file.

This *.pem file you can import as server certificate into BMC via web interface. Don't forget to install CA certificate as well.

In next step you have to reboot BMC

The next time you access the BMC web interface, you should no longer see this

But this