Get-OVserver -name $server | Get-OVIloSso -IloRestSession

HewlettPackard / POSH-HPEOneView

PowerShell language bindings library for HPE OneView.

http://hewlettpackard.github.io/POSH-HPEOneView/

125 stars 52 forks source link

Get-OVserver -name $server | Get-OVIloSso -IloRestSession #614

Closed ajayvaaka closed 1 year ago

ajayvaaka commented 2 years ago

Expected Behavior

Need to provide iLO session key

Actual Behavior

Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not | be established, see inner exception."

Steps to reproduce

$session = get-ovserver -Name $serverfile.serverhardware -Appliance $Script:Composer | Get-OVIloSso -IloRestSession

Version Information

$PSLibraryVersion

appliance1 appliance2 LibraryVersion Path
------------------------------------- ------------------------------------------- -------------- ---
ApplianceVersion: 6.50.00.452161.00   ApplianceVersion: 6.50.00.452161.00         6.30.3188.1900 /U…

Name                           Value
----                           -----
PSVersion                      7.2.6
PSEdition                      Core
GitCommitId                    7.2.6
OS                             Darwin 21.6.0 Darwin Kernel Version 21.6.0: Sat Jun 18 17:07:25 PDT …
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

ChrisLynchHPE commented 2 years ago

This isn't necessarily a bug with the PowerShell library. That is if you are using self-signed certificates (which is the default) on your iLO's. There is a change in PowerShell Core that introduced an issue with how to handle self-signed certificates than what we used to do in say Windows PowerShell (PowerShell 5.x).

With iLO, the Subject and Issuer do not match. The Subject starts with ILO, followed by the servers serial number. The Issuer is "Default Issuer (Do Not Trust)". Self-signed certificates traditionally both Subject and Issuer will match. Since both do not match, one needs to institute a workaround to either blindly trust all certs, or implement a process to compare those fields in the cert object.

If you can run your script from a PowerShell 5.x system, the Cmdlet will work as is. To use this within PowerShell Core, regardless of the OS, a "fix" is needed. I have new validation code that will address this.

Of course, if you use an enterprise CA PKI infrastructure and trust the certificate chain, then all of this would go away for you.

ChrisLynchHPE commented 1 year ago

This was addressed in the 7.00 library. I will backport this to a 6.60 library release soon.

ChrisLynchHPE commented 1 year ago

This has been addressed in:

Release 6.60.3332.3428 and in PowerShell Gallery
Release 7.00.3333.2084 and in PowerShell Gallery

Please verify before this issue is closed.

ChrisLynchHPE commented 1 year ago

Closing due to no further activity. If you wish, feel free to re-open to discuss further.

j-crawford17 commented 11 months ago

Hello Chris, I'm running into this same issue using PS version 7.3.7 using HPEOneView.660 build 6.60.3530.1622

I was able to verify that Get-OVIloSso works fine on PS 5.1