Back to turingpi.com

How To's

Suggest Edits

Regenerate self-signed certificates UI

The BMC UI uses self-signed certificates. Open a terminal on your computer and execute the following command to regenerate them. ( default password: turing).


ssh root@turingpi '/etc/bmcd/generate_self_signedx509.sh && /etc/init.d/S94bmcd restart'

(Note: you may need to use turingpi.local or the IP address to access the BMC console using SSH)

Replace certificates

The bmcd daemon, responsible for hosting the BMC-UI, has a configuration file in which alternative certificates can be configured. Replacing the self-signed certificates with one trusted by a CA improves the system's security.

  1. On your computer, copy the new certificates to your BMC:
scp my_cert.pem my_key.pem [email protected]:/etc/ssl/certs/
  1. Login to the BMC:
ssh [email protected]
  1. Make sure the permissions of the copied certificates are correct.
chmod 644 /etc/ssl/certs/*.pem
  1. Edit the bmcd config:
nano /etc/bmcd/config.yaml
  1. Find and replace the "tls" section with the pem files we copied earlier:
...
tls:
  certificate: /etc/ssl/certs/my_cert.pem
  private_key: /etc/ssl/certs/my_key.pem
  1. Save the file and exit
  2. Restart the bmcd daemon:
/etc/init.d/S94bmcd restart

Updated about 2 months ago