HP (Hewlett-Packard) HP Integrated Lights-Out ユーザーズマニュアル
140
User Guide Integrated Lights-Out
Certificates
By default, iLO creates a self-signed certificate for use in SSL connections. This
certificate enables the iLO to work without any additional configuration steps.
The security features of the iLO can be enhanced by importing a trusted
certificate.
certificate enables the iLO to work without any additional configuration steps.
The security features of the iLO can be enhanced by importing a trusted
certificate.
•
•
Create Certificate Request—iLO can create a CR (in PKCS #10 format),
which can be sent to a CA. This certificate request is base64 encoded. A CA
processes this request and returns a response (X.509 certificate) that can be
imported into iLO.
which can be sent to a CA. This certificate request is base64 encoded. A CA
processes this request and returns a response (X.509 certificate) that can be
imported into iLO.
The CR contains a public/private key pair that is used for validation of
communications between the client browser and iLO. The generated CR is
held in memory until either a new CR is generated, a certificate is imported
by this process, or the iLO is reset, which means you can generate the CR
and copy it to the client clipboard, leave the iLO website to retrieve the
certificate, then return to import the certificate.
communications between the client browser and iLO. The generated CR is
held in memory until either a new CR is generated, a certificate is imported
by this process, or the iLO is reset, which means you can generate the CR
and copy it to the client clipboard, leave the iLO website to retrieve the
certificate, then return to import the certificate.
When submitting the request to the CA, be sure to:
−
Use the iLO name as listed on the System Status screen as the URL for
the server.
the server.
−
Request the certificate be generated in the RAW format.
−
Include the
Begin
and
End
certificate lines.
Every time you click Create Certificate Request, a new certificate request
is generated even though the iLO name is same.
is generated even though the iLO name is same.
Import Certificate—If you are returning to the Create Certificate Request
page with a certificate to import, click Import Certificate to go directly to
the Certificate Import screen without generating a new CR. This is important
in that a given certificate only works with the keys contained in the CR from
which the certificate was generated. If the iLO has been reset or another CR
has been generated since the CR that was used to request the certificate was
generated, then another CR must be generated and a new certificate procured
from the CA.
page with a certificate to import, click Import Certificate to go directly to
the Certificate Import screen without generating a new CR. This is important
in that a given certificate only works with the keys contained in the CR from
which the certificate was generated. If the iLO has been reset or another CR
has been generated since the CR that was used to request the certificate was
generated, then another CR must be generated and a new certificate procured
from the CA.