Regenerate self-signed certificates UI

The BMC UI uses self-signed certificates. Open a terminal on your computer and execute the following command to regenerate them. ( default password: turing).

ssh root@turingpi '/etc/bmcd/generate_self_signedx509.sh && /etc/init.d/S94bmcd restart'

(Note: you may need to use turingpi.local or the IP address to access the BMC console using SSH)

Replace certificates

The bmcd daemon, responsible for hosting the BMC-UI, has a configuration file in which alternative certificates can be configured. Replacing the self-signed certificates with one trusted by a CA improves the system's security.

1. On your computer, copy the new certificates to your BMC:

scp my_cert.pem my_key.pem [email protected]:/etc/ssl/certs/ 

2. Login to the BMC:

ssh [email protected]

3. Make sure the permissions of the copied certificates are correct.

chmod 644 /etc/ssl/certs/*.pem

4. Edit the bmcd config:

nano /etc/bmcd/config.yaml

5. Find and replace the "tls" section with the pem files we copied earlier:

...
tls:
  certificate: /etc/ssl/certs/my_cert.pem
  private_key: /etc/ssl/certs/my_key.pem

6. Save the file and exit
7. Restart the bmcd daemon:

/etc/init.d/S94bmcd restart