Importing a certificate, Creating a certificate, Setu – HP Lights-Out 100 Remote Management User Manual


putty.exe -load "session name"

Importing a certificate

If you do not want to use the preinstalled public key (certificate), create and install your own private key (certificate). Importing a key or certificate is a one-time procedure that supports both SSH and SSL. The key must be generated using external third-party software, placed on a TFTP server, and uploaded to the LO100. For Microsoft® Windows®, if you do not have a TFTP software package, use TFTPD32.EXE, which is available on the Internet. Linux generally has a TFTP server installed with the operating system. If it is not, see your Linux documentation for more information.

NOTE: When you use the CLP load command with TFTPD32, HP recommends using a 30-second timeout and 6 retries.

NOTE: When using the CLP load command in Linux, set the timeout to 15000000. The firewall built into some Linux systems might not allow the TFTP server to send and receive information. You might have to disable the firewall to allow these connections. If you are experiencing firewall issues, change the firewall settings to allow connections on port 69 (the default port for TFTP servers). See your firewall documentation for additional information.

Creating a certificate

LO100 requires a 1,024-bit DSA key stored in PEM (Base64-encoded) format to be located on a TFTP server. For example, the following process uses Win32 OpenSSL, downloaded from the Shining Light Productions website (http://www.slproweb.com/products/Win32OpenSSL.html), with the commands issued in a DOS window to generate the certificate. To generate a certificate using Win32 OpenSSL:

1. Download Win32 OpenSSL.

2. Install and set up OpenSSL.

3. Using OpenSSL, generate a DSA parameters file:

   openssl dsaparam -out server_dsaparam.pem 1024

4. Generate the DSA private key file, called server_privkey.pem:

   openssl gendsa -out server_privkey.pem server_dsaparam.pem

5. Generate the DSA certificate (public key) file, called server_cacert.pem:

   openssl req -new -x509 -key server_privkey.pem -out server_cacert.pem -days 1095

6. When prompted for a distinguished name, enter an appropriate domain name for the servers receiving the certificate.

7. After creating the certificate, copy it to a TFTP server that is accessible on the same network as LO100.
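The following pre-upload check is an added example, not part of the HP manual: it confirms that a private key file is PEM-encoded DSA with a 1,024-bit modulus, as the requirement above states. The names check_key and sample_key are hypothetical, the sample key is constructed for illustration, and accepting both the traditional "DSA PRIVATE KEY" and the PKCS#8 "PRIVATE KEY" labels is an assumption, because the manual does not say which PEM layout LO100 expects.

```python
import base64
import re

DSA_OID = bytes.fromhex("2a8648ce380401")  # 1.2.840.10040.4.1 (id-dsa)

def der_integers(buf):
    """Yield each INTEGER in a DER blob, descending into SEQUENCE/OCTET STRING."""
    i = 0
    while i < len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:  # long-form length: low 7 bits = number of length bytes
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        body, i = buf[i:i + length], i + length
        if tag == 0x02:
            yield int.from_bytes(body, "big")
        elif tag in (0x30, 0x04):
            yield from der_integers(body)

def check_key(pem_text, want_bits=1024):
    """Return a list of problems; empty means a PEM DSA key of the wanted size."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        return ["not PEM"]
    label, body = m.groups()
    if "ENCRYPTED" in label or "Proc-Type" in body:
        return ["passphrase-protected key, cannot inspect"]
    if label not in ("DSA PRIVATE KEY", "PRIVATE KEY"):
        return ["unexpected PEM label: " + label]
    try:
        der = base64.b64decode(body)
        bits = list(der_integers(der))[1].bit_length()  # p is the 2nd INTEGER in both layouts
    except (ValueError, IndexError):
        return ["malformed Base64 or DER"]
    if label == "PRIVATE KEY" and DSA_OID not in der:
        return ["PKCS#8 key is not DSA"]
    return [] if bits == want_bits else ["p is %d bits, want %d" % (bits, want_bits)]

def _der(tag, body):  # minimal DER encoder, used only to build the sample below
    n, k = len(body), (len(body).bit_length() + 7) // 8
    ln = bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + ln + body

def sample_key(p_bits):
    """CONSTRUCTED sample: right structure, made-up numbers, not a usable key."""
    vals = [0, (1 << (p_bits - 1)) | 1, (1 << 159) | 1, 2, 3, 5]
    seq = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in vals)
    b64 = base64.encodebytes(_der(0x30, seq)).decode()
    return "-----BEGIN DSA PRIVATE KEY-----\n" + b64 + "-----END DSA PRIVATE KEY-----\n"
```

To check a real file, call check_key(open("server_privkey.pem").read()) on the copy placed on the TFTP server. TFTP provides neither authentication nor encryption, so remove the private key from the TFTP server once the load completes.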

Installing a certificate or private key through the CLP

To install the certificate, log in to LO100 as administrator through the CLP interface and issue the load command to upload and install the certificate. For example:

load -source -oemhpfiletype cer

where:
