HP Xw460c HP Integrated Lights-Out 2 User Guide for Firmware 1.75 and 1.77 - Page 46
Two-factor authentication, Serial Command Line Interface Status: Disabled
View all HP Xw460c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 46 highlights
Base64-encoded. A CA processes this request and returns a response (X.509 certificate) that can be imported into iLO 2. The CR contains a public/private key pair that validates communications between the client browser and iLO 2. The generated CR is held in memory until a new CR is generated, iLO 2 is reset, or a certificate is imported by the generation process. You can generate the CR and copy it to the client clipboard, leave the iLO 2 website to retrieve the certificate, and then return to import the certificate. When submitting the request to the CA, be sure to perform the following tasks: a. Use the iLO 2 name as listed on the System Status screen as the URL for the server. b. Request that the certificate is generated in the RAW format. c. Include the Begin and End certificate lines. Every time you click Create Certificate Request, a new certificate request is generated, even though the iLO 2 name is the same. • Import Certificate-Use this button when you are returning to the Certificate Administration page with a certificate to import. Click Import Certificate to go directly to the Certificate Import screen without generating a new CR. A certificate only works with the keys generated for the original CR from which the certificate was generated. If iLO 2 has been reset, or another CR was generated since the original CR was submitted to a CA, then a new CR must be generated and submitted to the CA. You can create a CR or import an existing certificate using RIBCL XML commands. These commands enable you to script and automate certificate deployment on iLO 2 servers instead of manually deploying certificates through the browser interface. For more information, see HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. Two-factor authentication Access to iLO 2 requires user authentication. This firmware release provides an enhanced authentication scheme for iLO 2 using two factors of authentication: a password or PIN, and a private key for a digital certificate. Using two-factor authentication requires that you verify your identity by providing both factors. You can store your digital certificates and private keys wherever you choose, for example, on a smart card, USB token, or hard drive. The Two-Factor Authentication tab enables you to configure security settings and review, import, or delete a trusted CA certificate. The Two-Factor Authentication Enforcement setting controls whether two-factor authentication is used for user authentication during login. To require two-factor authentication, click Enabled. To turn off the two-factor authentication requirement and allow login with user name and password only, click Disabled. You cannot change the setting to Enabled if a trusted CA certificate is not configured. To provide the necessary security, the following configuration changes are made when twofactor authentication is enabled: • Telnet Access: Disabled • Secure Shell (SSH) Access: Disabled • Serial Command Line Interface Status: Disabled If telnet, SSH, or Serial CLI access is required, re-enable these settings after two-factor authentication is enabled. However, because these access methods do not provide a means of two-factor authentication, only a single factor is required to access iLO 2 with telnet, SSH, or Serial CLI. Configuring iLO 2 46