
How to automate creation of SSL certs and CSRs on an IBM Remote Supervisor Adapter II

msparby asked
Last Modified: 2008-03-04
The IBM Remote Supervisor Adapter II (RSA2 Card) allows you to manage a server through a web browser.  The RSA2 card has its own embedded web server that operates independent of the operating system on the server itself.  In order for connections to the card to be secure, you obviously need an SSL certificate installed for the embedded web server.  Unfortunately, IBM doesn't provide any method for automating the process of generating and installing certificates or CSRs.  The only way to install the certificate is through a manual process requiring you to use a web browser to type in all of the information and then download the resulting CSR which you can then submit to a CA.

Obviously, that kind of process doesn't scale well when you are trying to set up SSL for hundreds or thousands of servers.  So how do you automate it?  I had some ideas that using "curl" or something might work, but I can't seem to get it right.

If anybody has a server with the Remote Supervisor Adapter and can figure out a way to accomplish this, well, you'll be better than IBM's support staff.

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
What kind of web server is it?  Can it use RSA/DER format?
Using OpenSSL you can generate a private key and CSR.  When you have the cert issued, you could paste the private key and the cert if that is an option.

Does each have its own cert or will all be sharing the same one?

It is doable.  I have not used curl, so do not know what suggestions to make.

Do all the variables and information you entered through the web interface exist on the last page prior to final submission?
You need to determine how the information is maintained within the web service.

It might be possible that the information is maintained on the server and a cookie is being passed.  I do not know whether curl by default handles cookies or whether an option needs to be used to make curl handle cookies in the responses.





Author

Commented:
The problem is that the web server isn't accessible from anything other than the web configuration interface.  You can't generate the CSR with OpenSSL or anything else.  The only way to install a certificate is to manually enter information into the form and let it generate the cert on its own.

It is possible that it requires cookies to properly generate the CSR.  At this point I suppose I may have to just put a sniffer on the network to get a better idea of how the transactions actually take place.  It could be something that Auto-It would be best suited for but I had hoped for a more graceful solution than just GUI automation.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Not sure why you would need to capture packets. Look at the HTML pages.  Record the variables and what information they gather.  Enable prompting for cookies and you will see whether a cookie is being set.  It might be that your curl setup was incomplete, i.e. it did not effectively reflect the click on the submit button or there is some client side validation that would set another variable to have the process continue to the next step.

 

Author

Commented:
The page uses some JavaScript that I'm not quite understanding either.  When you fill out the form to generate the CSR and click submit, it uses some JavaScript to validate the fields before submitting the form.  It then opens a pop-up window with a "Generating Certificate.  Do not close this window until done." message.  After a few seconds, that window closes and the original window reloads with a link to download the CSR.

I don't doubt that my curl command was incomplete.  I'll give the cookie-prompting a try to see if it yields anything.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The JavaScript window that is opening up is where your problem lies.  It's possible that there the information you submitted gets reformatted and then submitted to the server.  If you can replicate what goes on in that process, you would be able to automate the process. It's possible that the information can be reorganized into an XML data stream that gets sent to a particular application on the adapter.

Author

Commented:
The pop-up window doesn't seem to have any actual logic in its source.  It looks to be just a placeholder to make you wait... there's just a simple animated GIF image in it.  The javascript in that window's source doesn't have any logic to handle the form data.
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
The mechanism that opens the JavaScript popup has the transactional information.  The items displayed in the JavaScript pop up are the response from the server.  See within the last screen if a window open exists.  See whether there is a reference to a function or does it reference something else as the source for the window.
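
The inspection suggested in the replies above (record the form's variables, then look for what the submit handler sets and which window it opens), as an added example that is not part of the original thread. The sample page, its field names and its URLs are constructed for illustration and are not taken from an RSA II.

```python
import re
from html.parser import HTMLParser

# Constructed sample: a saved copy of a CSR form page. Field names, the action
# URL and the script are hypothetical, not taken from RSA II firmware.
SAMPLE_HTML = """<html><head><script>
function checkAndSend(f) {
  if (f.cn.value == "") { alert("Common name required"); return false; }
  f.gen_token.value = "1";
  window.open("/wait.html", "wait", "width=300,height=100");
  return true;
}
</script></head><body>
<form method="post" action="/forms/gencsr" onsubmit="return checkAndSend(this)">
  <input type="text" name="cn">
  <input type="text" name="org" value="Example Corp">
  <input type="hidden" name="gen_token" value="0">
  <input type="submit" name="go" value="Generate CSR">
</form></body></html>"""

class FormInventory(HTMLParser):
    """Collect each form's target, its named inputs, and inline script text."""
    def __init__(self):
        super().__init__()
        self.forms, self.script = [], []
        self._form, self._in_script = None, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").upper(),
                          "onsubmit": a.get("onsubmit"), "fields": {}}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None and a.get("name"):
            self._form["fields"][a["name"]] = a.get("value") or ""
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script.append(data)

def inventory(html):
    """Return forms, fields assigned by script, and window.open targets."""
    parser = FormInventory()
    parser.feed(html)
    parser.close()
    js = "".join(parser.script)
    return {"forms": parser.forms,
            "js_sets": re.findall(r"(\w+)\.value\s*=(?!=)", js),
            "popups": re.findall(r"window\.open\(\s*[\"']([^\"']+)", js)}
```

Any field listed under `js_sets` is one the browser changes before submitting, so a scripted POST has to send the changed value itself because curl does not execute JavaScript. curl also keeps no cookies between invocations unless a cookie jar is given with `-c` and `-b`.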
