How to automate creation of SSL certs and CSRs on an IBM Remote Supervisor Adapter II

The IBM Remote Supervisor Adapter II (RSA2 Card) allows you to manage a server through a web browser.  The RSA2 card has its own embedded web server that operates independent of the operating system on the server itself.  In order for connections to the card to be secure, you obviously need an SSL certificate installed for the embedded web server.  Unfortunately, IBM doesn't provide any method for automating the process of generating and installing certificates or CSRs.  The only way to install the certificate is through a manual process requiring you to use a web browser to type in all of the information and then download the resulting CSR which you can then submit to a CA.

Obviously, that kind of process doesn't scale well when you are trying to set up SSL for hundreds or thousands of servers.  So how do you automate it?  I had some ideas that using "curl" or something might work, but I can't seem to get it right.

If anybody has a server with the Remote Supervisor Adapter and can figure out a way to accomplish this, well, you'll be better than IBM's support staff.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What kind of web server is it?  Can it use RSA/DER format?
using openssl you can generate a private key and CSR.  When you have the cert issued, you could paste private key and  the cert if that is an option.

Does each have its own cert or will all be sharing the same one?

It is doable.  I have not used curl, so do not know what suggestions to make.

Are all the variables and information you entered through the web interface exist on the last page prior to final submission?
You need to determine how the information is maintained within the web service.

it might be possible that the information is maintained on the server and a cookie is being passed.  I do not know whether curl by default handles cookies or whether an option needs to be used to make curl handle cookies in the responses.

msparbyAuthor Commented:
The problem is that the web server isn't accessible from anything other than the web configuration interface.  You can't generate the CSR with OpenSSL or aything else.  The only way to install a certificate is to manually enter information into the form and let it generate the cert on its own.

It is possible that it requires cookies to properly generate the CSR.  At this point I suppose I may have to just put a sniffer on the network to get a better idea of how the transactions actually take place.  It could be something that Auto-It would be best suited for but I had hoped for a more graceful solution than just GUI automation.
Not sure why you would need to capture packets. Look at the HTML pages.  Record the variables and what information they gather.  Enable pompting for cookies and you will see whether a cookie is being set.  It might be that your curl setup was incomplete, i.e. it did not effectively reflect the click on the submit button or there is some client side validation that would set another variable to have the process continue to the next step.

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

msparbyAuthor Commented:
The page uses some JavaScript that I'm not quite understanding either.  When you fill out the form to generate the CSR and click submit, it uses some JavaScript to validate the fields before submitting the form.  It then opens a pop-up window with a "Generating Certificate.  Do not close this window until done." message.  After a few seconds, that window closes and the original window reloads with a link to download the CSR.

I don't doubt that my curl command was incomplete.  I'll give the cookie-prompting a try to see if it yields anything.
The javascript window that is opening up is where your problem lies.  Its possible that there the information you submitted gets reformatted and then submitted to the server.  If you can replicate what goes on in that proces, you would be able to automate the process. Its possible that the information can reorganized into an XML data stream that gets sent to a particular application on the adapter.
msparbyAuthor Commented:
The pop-up window doesn't seem to have any actual logic in its source.  It looks to be just a placeholder to make you wait... there's just a simple animated GIF image in it.  The javascript in that window's source doesn't have any logic to handle the form data.
The mechanism that opens the javascript popup has the transactional information.  The items displayed in the javascript pop up are the response from the server.  See within the last screen if a window open exists.  see whether there there is a reference to a function or does it reference something else as the source for the window.  

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.