Home » HP Manuals » Desktops » HP BladeSystem bc2800 » Manual Viewer

HP BladeSystem bc2800 HP BladeSystem PC Blade Enclosure Integrated Administrat - Page 118

Creating a Certificate Request, Downloading a Security Certificate, Key-Based SSH Authentication

View all HP BladeSystem bc2800 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 118 highlights

Creating a Certificate Request To create a security certificate using the CLI, type: GENERATE CERTIFICATE REQUEST This command generates a PKCS#10 certificate request. This certificate request can be sent to your certification authority (CA) to obtain a PKCS#7 certificate file to use below. To create a self-signed security certificate using the CLI, type: GENERATE CERTIFICATE SELFSIGNED This command generates a self-signed PKCS#7 certificate to replace the existing SSL certificate. This certificate is signed with the current name of the enclosure and will be valid for 10 years. Users who do not have a certificate authority (CA) may use this certificate as a replacement. Downloading a Security Certificate To download a security certificate using the CLI, type: DOWNLOAD CERTIFICATE This command downloads a CA supplied PKCS#7 file to replace the current security certificate on the system. Supported protocols are http, ftp, and tftp. Format the URL as: protocol://host/path/file If your ftp server does not support anonymous connections, you can specify a username and password by replacing the host part in the previous format: username:password@host Key-Based SSH Authentication Users may install their own public SSH keys for password-less logins to the Integrated Administrators. Only enclosure administrators can use key-based authentication. The CLI features four commands to install and manage the authorized SSH keys. ▲ To view any current installed authorized SSH keys, type: SHOW SSHKEY This command shows any keys currently installed on the Integrated Administrator that are authorized to log in using an enclosure administrator account. ▲ To view the fingerprint of the Integrated Administrator host key, type: SHOW SSHFINGERPRINT This command shows the fingerprint of the host key for the Integrated Administrators. Users may compare this fingerprint with the fingerprint displayed by their SSH client when connecting to the Integrated Administrators to guarantee the authenticity of the Integrated Administrator connection. Users who need guaranteed authenticity will want to use the Integrated Administrator serial console to obtain the SSH fingerprint for the first time. ▲ To clear any currently installed authorized SSH keys, type: CLEAR SSHKEY This command clears any authorized keys currently installed on the Integrated Administrator that are authorized to log in. After this command has been issued, all users have to enter a valid password in order to log in. ▲ To download and install one or more SSH keys, type: DOWNLOAD SSHKEY 110 Chapter 8 Performing Advanced Functions ENWW

Section	Page
About this guide	9
Audience assumptions	9
Important Safety Information	9
Symbols on Equipment	9
Related Documents	10
Getting help	10
Contact HP	10
Support and Troubleshooting	10
HP Web Site	10
Reader Comments	11
HP PC Blade Enclosure System Software Features	12
HP PC Blade Enclosure Integrated Administrator	12
Integrated Administrator Features	12
Dedicated LAN network connectivity	12
SNMP alerts from Integrated Administrator to a management console	13
E-mail alerts from Integrated Administrator to an e-mail account (AlertMail)	13
Remote access and control	13
User administration and security	13
Automatic network configuration	14
Automatic time configuration (NTP)	14
Integration with the HP Systems Insight Manager utility	14
Event Notification	14
Status Information	14
Overview of HP BladeSystem Software Tools	15
ROM-Based Setup Utility (RBSU)	15
Headless operation	15
ProLiant Essentials Rapid Deployment Pack	15
HP Systems Insight Manager	15
HP Blade PC Automatic System Recovery (ASR-2)	15
Enclosure Self Recovery (ESR)	15
HP PC Blade Enclosure Management System and Utilities	15
Getting Started	17
Reviewing Configuration Tools and Information	17
Identifying Integrated Administrator Components	18
Determining the Integrated Administrator’s Initial IP Address	18
Requirements for Local Client Devices	19
Default Values for the Integrated Administrator	19
Determining the IP Address using the Local Console	19
Setting Up the Web-Based User Interface	21
Additional Steps	23
Help	23
Web Browser Interface	24
Accessing the Web-based User Interface	25
Web-Based Navigation	25
Top panel	25
Left panel	26
Deck panel	27
Enclosure Tab	28
Enclosure Information	28
Network Configuration	32
SNMP Configuration	34
Power Readings	36
Virtual Buttons	36
System Log	37
Bays Tab	39
Bay List	39
Bay Information	40
Remote Console	42
Virtual Buttons	43
Console Log	45
Administration Tab	46
User List	46
Group List	47
Add User	48
Add Group	49
View/Modify User	51
View/Modify Group	51
Event List Tab	52
Interconnect Tab	54
Command Line Interface	56
Accessing the Command Line Interface	57
Accessing Remotely through the Management Connector	57
Accessing Locally through the Console Connector	57
Operating the Command Line Interface	58
General Commands	58
General Management Commands	58
User Account Commands	60
Enclosure Network Configuration Commands	63
Enclosure Management Commands	65
Blade PC Bay Management Commands	68
Command Line Event Messages	69
Functionality Exclusive to the Command Line Interface	71
Setting Up the System	75
User Permissions	76
Customizing the Enclosure Settings	77
Modifying Enclosure and Rack Names	77
Modifying the Asset Tag Number	78
Modifying the Date and Time	79
Setting Up User Accounts	81
Adding a Group	81
Adding a User	83
Enabling Remote Console Sessions to Blade PCs	87
Setting Up AlertMail	88
E-mail Alerts	88
Setting Up IP Security	91
Setting Up Automatic Time Configuration (NTP)	92
Configuring SNMP Support	93
Entering a Community String	93
Modifying the System Location	94
Modifying the System Contact Information	94
Adding Trap Targets	94
Removing Trap Targets	95
Performing Common Administrative Tasks	96
Managing Blade PC Bays	96
Opening a Remote Console Session to a Blade PC	96
Accessing the ROM-Based Setup Utility for a blade PC	97
Reviewing Activity for a Blade PC	99
Powering Off the Blade PC	99
Identifying a Blade PC Using the Unit Identification LED	100
Managing the Enclosure	102
Reviewing the Activity of the Enclosure	102
Identifying the Enclosure Using the Unit Identification LED	103
Generating an Enclosure Summary	104
Identifying Problem Components	106
Managing Users	111
Modifying a User’s Rights to Blade PC Bays	111
Creating a New Group with the Updated Access Rights	111
Modifying Group Rights to Blade PC Bays	111
Disabling and Deleting User Accounts	112
Deleting a User Account	113
Deleting Group Accounts	114
Performing Advanced Functions	116
Replicating the Configuration of the Integrated Administrator	117
Administering Security Certificates	117
Creating a Certificate Request	118
Downloading a Security Certificate	118
Key-Based SSH Authentication	118
Configuring Blade PC Boot Order	119
Powering Off the Enclosure	120
Disabling Network Protocols	121
Upgrading the Integrated Administrator Firmware	122
Recovering a Lost Administrator Password	122
Launching Flash Disaster Recovery	123
Command Line Conventions	126
Error Messages	127
Warning Messages	127
Enclosure Warning Messages	127
Blade PC Warning Messages	127
Administration Warning Messages	128
Error Messages	129
Enclosure Error Messages	129
Blade PC Bay Error Messages	129
Administration Error Messages	129
Troubleshooting	132
Event Icons and Details	134
Factory Default Settings	136
Enclosure	136
Users	136
Groups	137
Network	137
Protocol	137
Time Zone Settings	138
Universal	138
Africa	139
Asia	139
Europe	140
Oceania	141
Polar	142
Americas	142
Open Source Availability	144

Match case Limit results 1 per page

Creating a Certificate Request

To create a security certificate using the CLI, type:

GENERATE CERTIFICATE REQUEST

This command generates a PKCS#10 certificate request. This certificate request can be sent to your

certification authority (CA) to obtain a PKCS#7 certificate file to use below.

To create a self-signed security certificate using the CLI, type:

GENERATE CERTIFICATE

SELFSIGNED

This command generates a self-signed PKCS#7 certificate to replace the existing SSL certificate. This

certificate is signed with the current name of the enclosure and will be valid for 10 years. Users who do

not have a certificate authority (CA) may use this certificate as a replacement.

Downloading a Security Certificate

To download a security certificate using the CLI, type:

DOWNLOAD CERTIFICATE <url>

This command downloads a CA supplied PKCS#7 file to replace the current security certificate on the

system.

Supported protocols are http, ftp, and tftp. Format the URL as: protocol://host/path/file

If your ftp server does not support anonymous connections, you can specify a username and password

by replacing the host part in the previous format:

username:password@host

Key-Based SSH Authentication

Users may install their own public SSH keys for password-less logins to the Integrated Administrators.

Only enclosure administrators can use key-based authentication. The CLI features four commands to

install and manage the authorized SSH keys.

▲

To view any current installed authorized SSH keys, type:

SHOW SSHKEY

This command shows any keys currently installed on the Integrated Administrator that are

authorized to log in using an enclosure administrator account.

▲

To view the fingerprint of the Integrated Administrator host key, type:

SHOW SSHFINGERPRINT

This command shows the fingerprint of the host key for the Integrated Administrators. Users may

compare this fingerprint with the fingerprint displayed by their SSH client when connecting to the

Integrated Administrators to guarantee the authenticity of the Integrated Administrator connection.

Users who need guaranteed authenticity will want to use the Integrated Administrator serial console

to obtain the SSH fingerprint for the first time.

▲

To clear any currently installed authorized SSH keys, type:

CLEAR SSHKEY

This command clears any authorized keys currently installed on the Integrated Administrator that

are authorized to log in. After this command has been issued, all users have to enter a valid

password in order to log in.

▲

To download and install one or more SSH keys, type:

DOWNLOAD SSHKEY <url>

110

Chapter 8

Performing Advanced Functions

ENWW