HP BladeSystem bc2800 HP BladeSystem PC Blade Enclosure Integrated Administrat - Page 118
Creating a Certificate Request, Downloading a Security Certificate, Key-Based SSH Authentication
View all HP BladeSystem bc2800 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 118 highlights
Creating a Certificate Request To create a security certificate using the CLI, type: GENERATE CERTIFICATE REQUEST This command generates a PKCS#10 certificate request. This certificate request can be sent to your certification authority (CA) to obtain a PKCS#7 certificate file to use below. To create a self-signed security certificate using the CLI, type: GENERATE CERTIFICATE SELFSIGNED This command generates a self-signed PKCS#7 certificate to replace the existing SSL certificate. This certificate is signed with the current name of the enclosure and will be valid for 10 years. Users who do not have a certificate authority (CA) may use this certificate as a replacement. Downloading a Security Certificate To download a security certificate using the CLI, type: DOWNLOAD CERTIFICATE This command downloads a CA supplied PKCS#7 file to replace the current security certificate on the system. Supported protocols are http, ftp, and tftp. Format the URL as: protocol://host/path/file If your ftp server does not support anonymous connections, you can specify a username and password by replacing the host part in the previous format: username:password@host Key-Based SSH Authentication Users may install their own public SSH keys for password-less logins to the Integrated Administrators. Only enclosure administrators can use key-based authentication. The CLI features four commands to install and manage the authorized SSH keys. ▲ To view any current installed authorized SSH keys, type: SHOW SSHKEY This command shows any keys currently installed on the Integrated Administrator that are authorized to log in using an enclosure administrator account. ▲ To view the fingerprint of the Integrated Administrator host key, type: SHOW SSHFINGERPRINT This command shows the fingerprint of the host key for the Integrated Administrators. Users may compare this fingerprint with the fingerprint displayed by their SSH client when connecting to the Integrated Administrators to guarantee the authenticity of the Integrated Administrator connection. Users who need guaranteed authenticity will want to use the Integrated Administrator serial console to obtain the SSH fingerprint for the first time. ▲ To clear any currently installed authorized SSH keys, type: CLEAR SSHKEY This command clears any authorized keys currently installed on the Integrated Administrator that are authorized to log in. After this command has been issued, all users have to enter a valid password in order to log in. ▲ To download and install one or more SSH keys, type: DOWNLOAD SSHKEY 110 Chapter 8 Performing Advanced Functions ENWW