Whilst trying to enforce restrictions around how services run on a RHEL6 server, I thought it would be good to make use of the SETUID/SETGID permission bits, rather than relying on the development team to to make us of the su command to launch their applications as a specific user.
This turned out to be a really bad idea! And caused a major headache.
Should you ever need to deploy SSL certificates on to HP Onboard Administrator modules for C7000 or c3000 (note I’ve only done this on c7000, but the process should be the same), then following a few guidelines will help make sure they work without issue and the process runs smoothly, first time round!
If you have enabled Enclosure IP Mode, I would advise against having it enabled whilst you setup the certificates.
I found that if you just try to apply the certificates to both OA modules, that the result tend to be inconsistent. Whilst trying to find the best method for applying the certificates, I found the following site very useful
The following steps (stolen from the site above) should be followed;
- Create your CSRs for both Active and Standby
- Once they are signed, and you have them back, open Standby OA
- Upload the Certificate (forget about the warnings)
- Go to enclosure settings, and do an Active to Standby
- Go to your current StandbyOA and upload the certificate
- Go back to enclosure settings and do another Active to Standby
Hope you find this useful.