openbmc icon indicating copy to clipboard operation
openbmc copied to clipboard

Published 20 hours ago verified publisher icon facebook

Redfish: Https authentication

Open ChuTingI opened this issue 1 year ago • 0 comments

Hi all,

I've been studying your redfish code architecture and trying to access HTTPS in order to send redfish POST requests to the BMC redfish server.

Here are the steps I took:

  1. Create my own certificates with OpenSSL and put CA-cert.pem, server-cert.pem, and server-key.pem in BMC. (Server CommonName is server's IP address)
  2. Add RULES and RULES_REGEXP in acl_config.py.
  3. Add SSL configs in rest.cfg and open port 8443.
  4. Send a redfish request carrying --cacert CA-cert.pem, --cert client-cert.pem, and --key client-key.pem. (Client CommonName is user:root/192.168.1.110)

However, as long as I carry the argument --cert client-cert.pem, it would respond to me curl: (35) Unknown SSL protocol error. And if I don't, it responds 403: Forbidden normally. My BMC redfish server cannot get client certificate.

Did I miss something? Or is it because I used a self-signed certificate instead of your certificates?

Thank You

ChuTingI avatar Oct 17 '22 08:10 ChuTingI