Product Documentation

Installing a Certificate and Key on the LOM GUI

Jan 31, 2011

Citrix recommends using HTTPS to access the LOM GUI. To use HTTPS, you must replace the default SSL certificate with one from a trusted certificate authority and upload a private key to the LOM GUI.

To encrypt SNMP alerts, setup an SSL certificate and private key. In the GUI, navigate to Configuration > SSL Certification and apply the SSL certificate and private key. See the NetScaler Secure Deployment Guide for more information about how to securely deploy the LOM in your network. To enable encryption and learn the security measures for LOM, see http://support.citrix.com/article/CTX129514.

If you make a mistake, you must restore the BMC to the factory defaults to erase the certificate and key. Use the following shell command:

ipmitool raw 0x30 0x41 0x1

Note: The certificate file must contain only the certificate. The certificate and key must not be in the same file. Make sure that the certificate contains only the certificate and that the key file contains only the key.

To upload a trusted certificate and private key by using the LOM GUI

  1. Navigate to Configuration > SSL Certification.
  2. In the right pane, click the Choose File buttons to select a new SSL certificate and a new private key.
  3. To verify that you have selected the correct certificate and private key, check the file names of the certificate and key, which appear next to the Choose File buttons.
  4. Click Upload. A message informs you that uploading a new SSL certificate replaces the existing (default) certificate.
  5. Click OK.
  6. When a message informs you that the certificate and key have been uploaded successfully, click OK to reset the device.
    The reset takes approximately 60 seconds. You are then redirected to the logon page.


  7. Log on to the LOM GUI by using your default credentials.
    Note: If the certificate or key are invalid, the BMC reboots, tries the new settings, and reverts to using the previous settings.
  8. In the address bar, click the lock icon to display the connection tab, as shown on the screen below.
  9. Click Certificate information to display details about the certificate that you just uploaded.
    Note: For the best practices for LOM and NetScaler security, see http://support.citrix.com/article/CTX129514.
Was this helpful?YesNo