we have our own ilo-CA for them. To create a new cert, fetch the
CSR, then use the sign-modified-csr script in the CA-ilo dir on our CA host.
+(currently db.debian.org:/srv/ca.debian.org/CA-ilo) The CA password is in
+dsa-passwords in the ca file.
+
If we have a complete management network, add the hostname from that to
the cert also, for instance gluck-ilo.debprivate-ftcollins.debian.org. If
the iLO has a public internet hostname or even just an IP address that we