If you manage multiple HPE servers, you’ve probably dealt with the hassle of renewing or requesting certificates for iLO (Integrated Lights-Out). It can be time-consuming to handle them one by one. That’s why I put together this PowerShell script—it automates the CSR (Certificate Signing Request) process, saving you tons of time and effort.
What does this script do?
It connects to each server’s iLO interface using the HPE iLO PowerShell module. Then it creates a CSR for each device and saves that CSR to a text file on your local system. You can send those files off to your certificate authority (CA) to be signed. Finally, the script disconnects from the iLO, keeping your environment clean and organized.
Why use PowerShell for iLO certificate tasks?
- Less manual work: Instead of logging in to each iLO web interface, you can do it all from one script.
- Better consistency: The script uses the same settings for every CSR, minimizing human error.
- Scalable: Got 10 servers? 100 servers? No problem—just drop their IPs or hostnames into a text file, and you’re set.
What you’ll need before running the script:
- HPE iLO PowerShell module: Make sure you have it downloaded and placed in a folder, like
C:\temp\hpeilocmdlets.4.2.0
. - Credentials: Update the script with your iLO username and password.
- List of iLO targets: Keep a file called
C:\temp\ILOtargets.txt
that has each server’s IP or hostname on a separate line.
How it works step-by-step:
- Import the HPE iLO module: The script begins by loading the module that contains iLO-specific PowerShell commands.
- GenerateCSR function:
- Connects to iLO using
Connect-HPEiLO
. - Requests a new certificate signing request with
Start-HPEiLOCertificateSigningRequest
. - Waits a few seconds for iLO to do its thing.
- Fetches the newly created CSR with
Get-HPEiLOCertificateSigningRequest
. - Saves the CSR to
C:\temp\SR_ServerName.txt
. - Disconnects from iLO to ensure there’s no lingering session.
- Connects to iLO using
- Loop through each server in the text file: A simple
foreach
loop reads each line fromC:\temp\ILOtargets.txt
and runs theGenerateCSR
function on it.
PowerShell script below:
Write-Host "Loading module: HPEiLOCmdlets"
Import-Module -Name "C:\temp\hpeilocmdlets.4.2.0\HPEiLOCmdlets.psd1"
# Update these variables with valid credentials
$targetILOUsername = ""
$targetILOPassword = ""
function GenerateCSR {
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[String]
$targetILO
)
# Customize organization details below as needed
$State = ""
$Country = ""
$City = ""
$Organization = ""
$OrganizationalUnit = ""
$CommonName = $targetILO
Write-Verbose "Creating Temporary File For CSR"
$CSRTempFile = "C:\temp\CSR_$($targetILO).txt"
Write-Verbose "CSR Temporary File Is $CSRTempFile"
Write-Host "`nConnecting using Connect-HPEiLO`n" -ForegroundColor Green
$connect = Connect-HPEiLO -IP $targetILO -Username $targetILOUsername -Password $targetILOPassword -DisableCertificateAuthentication
# Initiate the Certificate Signing Request
$result = Start-HPEiLOCertificateSigningRequest -Connection $connect `
-State $State -Country $Country -City $City -Organization $Organization `
-OrganizationalUnit $OrganizationalUnit -CommonName $CommonName
if ($result.Status -eq "ERROR") {
if ($result.StatusInfo -ne $null) {
$message = $result.StatusInfo.Message
Write-Host "`nFailed to generate CSR for $($result.IP): $message" -ForegroundColor Red
}
}
# Attempt to fetch the CSR
Start-Sleep -Seconds 20
$result = Get-HPEiLOCertificateSigningRequest -Connection $connect
if ($result.Status -eq "ERROR") {
$message = $result.StatusInfo.Message
Write-Host "`nFailed to get certificate for $($result.IP): $message" -ForegroundColor Red
}
elseif ($result.Status -eq "INFORMATION") {
Start-Sleep -Seconds 20
$output = Get-HPEiLOCertificateSigningRequest -Connection $connect
Write-Host "`nCertificate information for $($result.IP)" -ForegroundColor Green
# Create or overwrite the CSR file
New-Item $CSRTempFile -ItemType File -Force | Out-Null
Set-Content -Path $CSRTempFile -Value ($output.CertificateSigningRequest).Split("`n")
}
else {
Start-Sleep -Seconds 20
Write-Host "`nCertificate information for $($result.IP)" -ForegroundColor Green
# Create or overwrite the CSR file
New-Item $CSRTempFile -ItemType File -Force | Out-Null
Add-Content -Path $CSRTempFile -Value ($result.CertificateSigningRequest).Split("`n")
}
# Disconnect
if ($connect -ne $null) {
Write-Host "`nDisconnecting using Disconnect-HPEiLO `n" -ForegroundColor Yellow
$disconnect = Disconnect-HPEiLO -Connection $connect
$disconnect | Format-List
Write-Host "Connection disconnected successfully.`n"
}
}
# Read the list of iLO IPs or hostnames
$listaILO = Get-Content "C:\temp\ILOtargets.txt"
$dateString = (Get-Date).ToString("yyyy-MM-dd_hh-mm-ss")
foreach ($ILOitem in $listaILO) {
Write-Host "Generating CSR for $ILOitem..."
GenerateCSR -targetILO $ILOitem
}
Why is this handy?
- You avoid repeating the same clicks in a web interface over and over.
- All your CSR files are neatly stored in one directory, making them easier to track and send off for signing.
- You can customize organization details like City, State, and Country in the script, so you don’t have to type them each time.
Quick tips:
- If you see any errors, make sure your credentials are correct and that iLO is reachable on the network.
- Adjust the waiting time (
Start-Sleep -Seconds 20
) if you have slower responses on your network. - Always test changes in a development or lab environment before putting the script into production.
When you’re done, you’ll have a folder full of CSR files that you can send to your certificate authority. Once they send you back the signed certificates, you can upload them to each iLO interface. This streamlined approach can save you hours—especially if you manage a large cluster of HPE servers.
Happy automating! If this script helps you, feel free to share it with fellow admins or post it in your favorite IT community. And of course, keep an eye on my blog, technicalterm.com, for more tips, tricks, and scripts that make the life of a Windows admin, virtualization expert, or DevOps practitioner a whole lot easier.