Setting up a user for two-factor authentication – HP Integrated Lights-Out 2 User Manual
Page 48
19.
Click Apply to reset iLO 2. When iLO 2 attempts to go to the login page again, the browser
displays the Client Authentication page with a list of certificates that are available to the
system.
If the user certificate is not registered on the client machine, you will not see it in the list. The
user certificate must be registered on the client system before you can use it. If there are no
client certificates on the client system you might not see the Client Authentication page and
instead see a Page cannot be displayed error. To resolve the error, the client certificate must
be registered on the client machine. For more information on exporting and registering client
certificates, see the documentation for your smart card or contact your certificate authority.
20.
Select the certificate that was added to the user in iLO 2. Click OK.
21.
If prompted to do so, insert your smart card, or enter your PIN or password.
After completing the authentication process, you have access to iLO 2.
Setting up directory user accounts
1.
Obtain the public certificate from the CA that issues user certificates or smart cards in your
organization.
2.
Export the certificate in Base64-encoded format to a file on your desktop (for example,
CAcert.txt).
3.
Open the file in Notepad, select all the text, and copy the contents to the clipboard by pressing
the Ctrl+C keys.
4.
Log in to iLO 2, and browse to the Two-Factor Authentication Settings page.
5.
Click Import Trusted CA Certificate. Another page appears.
6.
Click inside the white text area so that your cursor is in the text area, and paste the contents
of the clipboard by pressing the Ctrl+V keys.
7.
Click Import Root CA Certificate. The Two-Factor Authentication Settings page appears again
with information displayed under Trusted CA Certificate Information.
8.
Change Enforce Two-Factor authentication to Yes.
9.
Change Certificate Revocation Checking to No (default).
10.
Change Certificate Owner Field to SAN. For more information, see
11.
Click Apply. iLO 2 is reset. When iLO 2 attempts to go to the login page again, the browser
displays the Client Authentication page with a list of certificates that are available to the
system.
12.
Select the certificate added to the user in iLO 2. Click OK.
13.
If prompted to do so, insert your smart card, or enter your PIN or password. The login page
appears with the e-mail address for the user in the Directory User field. You cannot change
the Directory User field.
14.
Enter the password for the directory user. Click Login.
After completing the authentication process, you have access to iLO 2. For more information on
configuring directory users and privileges, see
“Directory settings” (page 51)
Setting up a user for two-factor authentication
To authenticate a user with a local iLO 2 account, a certificate must be associated with the user's
local user name. On the Administration>Modify User page, if a certificate has been mapped to
the user, a thumbprint (an SHA1 hash of the certificate) appears with a button that removes the
certificate. If a certificate has not been mapped to the user, the following message displays, as
well as a button that starts the certificate import process:
Thumbprint: A certificate has NOT been mapped to this user
To set up a user for two-factor authentication and add a user certificate:
1.
Log in to iLO 2 using an account that has the Configure iLO 2 Settings privilege.
2.
Click Administration>User Administration. Select a user.
48
Configuring iLO 2