How To's
Regenerate self-signed certificates UI
The BMC UI uses self-signed certificates. Open a terminal on your computer and execute the following command to regenerate them. ( default password: turing
).
ssh root@turingpi '/etc/bmcd/generate_self_signedx509.sh && /etc/init.d/S94bmcd restart'
(Note: you may need to use turingpi.local
or the IP address to access the BMC console using SSH)
Replace certificates
The bmcd daemon, responsible for hosting the BMC-UI, has a configuration file in which alternative certificates can be configured. Replacing the self-signed certificates with one trusted by a CA improves the system's security.
- On your computer, copy the new certificates to your BMC:
scp my_cert.pem my_key.pem [email protected]:/etc/ssl/certs/
- Login to the BMC:
- Make sure the permissions of the copied certificates are correct.
chmod 644 /etc/ssl/certs/*.pem
- Edit the bmcd config:
nano /etc/bmcd/config.yaml
- Find and replace the "tls" section with the pem files we copied earlier:
...
tls:
certificate: /etc/ssl/certs/my_cert.pem
private_key: /etc/ssl/certs/my_key.pem
- Save the file and exit
- Restart the bmcd daemon:
/etc/init.d/S94bmcd restart
Updated 8 months ago