Adding trusted certificates – HP Integrated Lights-Out 4 User Manual
Page 82

4. Configure iLO privileges for each role in the Single Sign-On Settings section.
   When you log in to an HP SSO-compliant application, you are authorized based on your HP
   SSO-compliant application role assignment. The role assignment is passed to iLO when SSO
   is attempted. For more information about each privilege, see “Administering users” (page 44).
   SSO attempts to receive only the privileges assigned in this section. iLO directory settings do
   not apply. Default privilege assignments are as follows:
   • User—Login only
   • Operator—Login, Remote Console, Power and Reset, and Virtual Media
   • Administrator—Login, Remote Console, Power and Reset, Virtual Media, Configure iLO,
     and Administer Users
5. Click Apply to save the SSO settings.
6. If you selected Trust by Certificate or Trust by Name, add the trusted certificate or DNS name
   to iLO.
   For more information about adding certificates and DNS names, see .
   The certificate repository can hold five typical certificates. However, if typical certificates are
   not issued, certificate sizes might vary. When all of the allocated storage is used, no more
   imports are accepted.
7. After you configure SSO in iLO, log in to an HP SSO-compliant application and browse to
   iLO. For example, log in to HP SIM, navigate to the System page for the iLO processor, and
   then click the iLO link in the More Information section.

NOTE: Although a system might be registered as a trusted server, SSO might be refused
because of the current trust mode or certificate status. For example, if an HP SIM server name
is registered, and the trust mode is Trust by Certificate, but the certificate is not imported, SSO
is not allowed from that server. Likewise, if an HP SIM server certificate is imported, but the
certificate has expired, SSO is not allowed from that server. The list of trusted servers is not
used when SSO is disabled. iLO does not enforce SSO server certificate revocation.

Adding trusted certificates
iLO users who have the Configure iLO Settings privilege can install trusted certificates or add direct
DNS names.
The Base64-encoded X.509 certificate data resembles the following:
-----BEGIN CERTIFICATE-----
. . . several lines of encoded data . . .
-----END CERTIFICATE-----
To add trusted HP SSO records by using the iLO web interface:
1. Navigate to the Administration→Security→HP SSO page, as shown in
2. Use one of the following methods to add a trusted certificate:
   • To directly import a trusted certificate, copy the Base64-encoded X.509 certificate data,
     paste it into the text box above the Import Certificate button, and then click the button.
   • To indirectly import a trusted certificate, type the DNS name or IP address in the text box
     above the Import Certificate from URL button, and then click the button. iLO contacts the
     HP SSO-compliant application over the network, retrieves the certificate, and then saves
     it.
   • To import the direct DNS name, enter the DNS name in the text box above the Import
     Direct DNS Name button, and then click the button.
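
The following pre-import check is an added example, not part of the HP manual or of any HP tool. It confirms that the pasted text is a single well-formed Base64 certificate block, reports its expiry date (the NOTE above states that an expired certificate causes SSO to be refused), and prints a SHA-256 fingerprint that can be compared out of band with the SSO server and kept on record, since iLO does not enforce revocation. All function names are assumptions made for the example.

```python
import base64, hashlib, re, sys
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return DER bytes of the single certificate; ValueError on bad framing or non-Base64 text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def not_after(der):
    """Walk Certificate -> tbsCertificate -> validity and return notAfter in UTC."""
    _, pos, _ = _tlv(der, 0)               # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)             # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos      # skip the optional [0] version field
    for _ in range(3):                     # serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)             # validity SEQUENCE
    _, _, pos = _tlv(der, pos)             # skip notBefore
    tag, start, end = _tlv(der, pos)       # notAfter: UTCTime (0x17) or GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    when = datetime.strptime(der[start:end].decode("ascii"), fmt)
    if tag == 0x17 and when.year >= 2050:  # RFC 5280: two-digit years 50-99 mean 19xx
        when = when.replace(year=when.year - 100)
    return when.replace(tzinfo=timezone.utc)

def preimport_check(pem_text, now=None):
    """Return (sha256_hex, not_after, expired) for a certificate about to be imported."""
    der = pem_to_der(pem_text)
    expires, now = not_after(der), now or datetime.now(timezone.utc)
    return hashlib.sha256(der).hexdigest(), expires, expires <= now

if __name__ == "__main__":                 # usage: python check.py < sim_cert.pem
    print(*preimport_check(sys.stdin.read()), sep="\n")
```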