Home » Lenovo Manuals » Desktops » Lenovo RD220 » Manual Viewer

Lenovo RD220 User Guide - Page 49

Enabling SSL for the secure Web server, SSL client certificate management, Import a Signed Certificate

UPC - 884942047961

Add to My Manuals
Save this manual to your list of manuals

Page 49 highlights

openssl req -in csr.der -inform DER -out csr.pem -outform PEM 7. Send the certificate-signing request to your certificate authority. When the certificate authority returns your signed certificate, you might have to convert the certificate to DER format. (If you received the certificate as text in an e-mail or a Web page, it is probably in PEM format.) You can change the format using a tool that is provided by your certificate authority or using a tool such as OpenSSL (http://www.openssl.org). The command for converting a certificate from PEM to DER format is similar to the following example: openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER Go to step 8 after the signed certificate is returned from the certificate authority. 8. In the navigation pane, click Security. Scroll to the SSL Server Certificate Management area. 9. Click Import a Signed Certificate. 10. Click Browse. 11. Click the certificate file that you want and then click Open. The file name (including the full path) is displayed in the field next to the Browse button. 12. Click Import Server Certificate to begin the process. A progress indicator is displayed as the file is transferred to storage on the IMM. Continue to display this page until the transfer is completed. Enabling SSL for the secure Web server Note: To enable SSL, a valid SSL certificate must be installed. Complete the following steps to enable the secure Web server: 1. In the navigation pane, click Security. The page that is displayed shows that a valid SSL server certificate is installed. If the SSL server certificate status does not show that a valid SSL certificate is installed, go to "SSL server certificate management" on page 40. 2. Scroll to the SSL Server Configuration for Web Server area, select Enabled in the SSL Client field, and then click Save. The selected value takes effect the next time the IMM is restarted. SSL client certificate management The SSL client requires that a valid certificate and corresponding private encryption key be installed before SSL is enabled. Two methods are available for generating the private key and required certificate: using a self-signed certificate, or using a certificate signed by a certificate authority. The procedure for generating the private encryption key and certificate for the SSL client is the same as the procedure for the SSL server, except that you use the SSL Client Certificate Management area of the Security Web page instead of the SSL Server Certificate Management area. If you want to use a self-signed certificate for the SSL client, see "Generating a self-signed certificate" on page 40. If you want to use a certificate authority signed certificate for the SSL client, see "Generating a certificate-signing request" on page 40. SSL client trusted certificate management The secure SSL client (LDAP client) uses trusted certificates to positively identify the LDAP server. A trusted certificate can be the certificate of the certificate authority that signed the certificate of the LDAP server, or it can be the actual Chapter 3. Configuring the IMM 43

Section	Page
Contents	5
Chapter 1. Introduction	7
IMM features	8
Upgrading from IMM Standard to IMM Premium	9
Comparing the IMM to other systems-management hardware in ThinkServer servers	9
Web browser and operating-system requirements	13
Notices used in this book	13
Chapter 2. Opening and using the IMM Web interface	15
Accessing the IMM Web interface	15
Setting up the IMM network connection through the Server Firmware Setup Utility	15
Logging in to the IMM	16
IMM action descriptions	17
Chapter 3. Configuring the IMM	21
Setting system information	21
Setting server timeouts	22
Setting the IMM date and time	23
Synchronizing clocks in a network	24
Disabling the USB in-band interface	25
Creating a login profile	26
Deleting a login profile	29
Configuring the global login settings	29
Configuring remote alert settings	30
Configuring remote alert recipients	30
Configuring global remote alert settings	31
Configuring SNMP alert settings	32
Configuring serial port settings	32
Serial-to-Telnet or SSH redirection	33
Configuring port assignments	34
Configuring network interfaces	34
Configuring network protocols	37
Configuring SNMP	37
Configuring DNS	38
Configuring Telnet	39
Configuring SMTP	39
Configuring LDAP	39
Setting up a client to use the LDAP server	39
Configuring LDAP client authentication	42
Configuring LDAP search attributes	42
Service Location Protocol (SLP)	44
Configuring security	44
Secure Web server and secure LDAP	45
SSL certificate overview	45
SSL server certificate management	46
Generating a self-signed certificate	46
Generating a certificate-signing request	46
Enabling SSL for the secure Web server	49
SSL client certificate management	49
SSL client trusted certificate management	49
Enabling SSL for the LDAP client	50
Configuring the Secure Shell server	50
Generating a Secure Shell server key	51
Enabling the Secure Shell server	51
Using the Secure Shell server	51
Using the configuration file	51
Backing up your current configuration	52
Restoring and modifying your IMM configuration	52
Restoring defaults	53
Restarting IMM	53
Logging off	54
Chapter 4. Monitoring server status	55
Viewing system status	55
Viewing the Easy LED Diagnostics	58
Viewing the event logs	58
Viewing the system-event log from the Web interface	59
Viewing event logs from the Setup Utility	60
Viewing event logs without restarting the server	60
Viewing vital product data	61
Chapter 5. Performing IMM tasks	63
Viewing server power and restart activity	63
Controlling the power status of a server	63
Remote presence	64
Updating your IMM firmware and Java applet	65
Enabling the remote presence function	65
Remote control	65
Remote control screen capture	66
Remote control Video Viewer view modes	66
Remote control video color mode	67
Remote control keyboard support	67
International keyboard support	67
Keyboard pass-through mode	68
Remote control mouse support	68
Absolute and relative mouse control	68
Single cursor mode	69
Remote power control	70
Viewing performance statistics	70
Starting Remote Desktop Protocol	70
Remote disk	70
Accessing the Remote Control	71
Mapping and unmapping drives with IMM firmware version 1.03 and later	71
Mapping and unmapping drives with IMM firmware version 1.02 and earlier	72
Exiting Remote Control	72
Setting up PXE network boot	72
Updating firmware	73
Resetting the IMM with the Setup Utility	73
Managing tools and utilities with IMM and the server firmware	74
Using IPMItool	74
Using Advanced Settings Utility (ASU)	74
Other methods for managing the IMM	74
Chapter 6. LAN over USB	77
Potential conflicts with the LAN over USB interface	77
Configuring the LAN over USB interface manually	77
Installing device drivers	77
Installing the Windows IPMI device driver	77
Installing the LAN over USB Windows device driver	78
Installing the LAN over USB Linux device driver	79
Chapter 7. Command-line interface	81
Managing the IMM using IPMI	81
Accessing the command line	81
Logging in to the command-line session	81
Command syntax	82
Features and limitations	82
Utility commands	83
exit command	83
Description	83
help command	83
Description	83
history command	84
Description	84
Example	84
Monitor commands	84
clearlog command	84
Description	84
fans command	84
Description	84
Example	84
readlog command	85
Syntax	85
Description	85
Example	85
syshealth command	85
Description	85
Example	85
temps command	85
Description	85
Example	85
volts command	86
Description	86
Example	86
vpd command	86
Syntax	86
Description	86
Example	87
Server power and restart control commands	87
power command	87
Syntax	87
Description	87
reset command	87
Syntax	87
Description	87
Serial redirect command	87
console command	87
Syntax	87
Description	88
Configuration commands	88
dhcpinfo command	88
Syntax	88
Description	88
Example	88
ifconfig command	89
Syntax	89
Description	89
Example	89
ldap command	90
Syntax	90
Description	90
ntp command	91
Syntax	91
Description	91
Example	92
passwordcfg command	92
Syntax	92
Description	92
Example	92
portcfg command	93
Syntax	93
Description	93
Example	93
srcfg command	93
Syntax	93
Description	93
Example	94
ssl command	94
Syntax	94
Description	94
Parameters	94
timeouts command	95
Syntax	95
Description	95
Example	95
usbeth command	96
Syntax	96
Description	96
Example	96
users command	96
Syntax	96
Description	96
Example	97
IMM control commands	97
clearcfg command	97
Description	97
clock command	98
Syntax	98
Description	98
Example	98
identify command	98
Syntax	98
Description	98
Example	98
resetsp command	99
Description	99
update command	99
Syntax	99
Description	99
Example	100
Appendix A. Getting help and technical assistance	101
Before you call	101
Using the documentation	101
Getting help and information from the World Wide Web	102
Calling for service	102
Using other services	103
Purchasing additional services	103
Lenovo product service	103
Appendix B. Notices	105
Trademarks	106
Important notes	106
Product recycling and disposal	107
Compliance with Republic of Turkey Directive on the Restriction of Hazardous Substances	108
Recycling statements for Japan	109
Battery return program	109
German Ordinance for Work gloss statement	111
Electronic emission notices	111
Federal Communications Commission (FCC) statement	111
Industry Canada Class A emission compliance statement	111
Avis de conformité à la réglementation d′Industrie Canada	111
Australia and New Zealand Class A statement	111
United Kingdom telecommunications safety requirement	111
European Union EMC Directive conformance statement	112
Germany Class A compliance statement	112
Japan Voluntary Control Council for Interference (VCCI) statement	113
Taiwan Class A warning statement	113
People′s Republic of China Class A warning statement	114
Korea Class A warning statement	114
Index	115
A	115
B	115
C	115
D	115
E	115
F	115
G	115
H	115
I	115
J	116
K	116
L	116
M	116
N	116
O	116
P	116
R	116
S	116
T	117
U	117
V	117

Match case Limit results 1 per page

openssl req -in csr.der -inform DER -out csr.pem -outform PEM

Send the certificate-signing request to your certificate authority. When the

certificate authority returns your signed certificate, you might have to convert

the certificate to DER format. (If you received the certificate as text in an

e-mail or a Web page, it is probably in PEM format.) You can change the

format using a tool that is provided by your certificate authority or using a

tool such as OpenSSL (http://www.openssl.org). The command for converting

a certificate from PEM to DER format is similar to the following example:

openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

Go to step 8 after the signed certificate is returned from the certificate

authority.

In the navigation pane, click

Security

. Scroll to the

SSL Server Certificate

Management

area.

Click

Import a Signed Certificate

10.

Click

Browse

11.

Click the certificate file that you want and then click

Open

. The file name

(including the full path) is displayed in the field next to the

Browse

button.

12.

Click

Import Server Certificate

to begin the process. A progress indicator is

displayed as the file is transferred to storage on the IMM. Continue to display

this page until the transfer is completed.

Enabling SSL for the secure Web server

Note:

To enable SSL, a valid SSL certificate must be installed.

Complete the following steps to enable the secure Web server:

In the navigation pane, click

Security

. The page that is displayed shows that a

valid SSL server certificate is installed. If the SSL server certificate status does

not show that a valid SSL certificate is installed, go to “SSL server certificate

management” on page 40.

Scroll to the

SSL Server Configuration for Web Server

area, select

Enabled

the

SSL Client

field, and then click

Save

. The selected value takes effect the

next time the IMM is restarted.

SSL client certificate management

The SSL client requires that a valid certificate and corresponding private

encryption key be installed before SSL is enabled. Two methods are available for

generating the private key and required certificate: using a self-signed certificate,

or using a certificate signed by a certificate authority.

The procedure for generating the private encryption key and certificate for the SSL

client is the same as the procedure for the SSL server, except that you use the

SSL

Client Certificate Management

area of the Security Web page instead of the

SSL

Server Certificate Management

area. If you want to use a self-signed certificate for

the SSL client, see “Generating a self-signed certificate” on page 40. If you want to

use a certificate authority signed certificate for the SSL client, see “Generating a

certificate-signing request” on page 40.

SSL client trusted certificate management

The secure SSL client (LDAP client) uses trusted certificates to positively identify

the LDAP server. A trusted certificate can be the certificate of the certificate

authority that signed the certificate of the LDAP server, or it can be the actual

Chapter 3. Configuring the IMM