Introduction to certificate services, Installing certificate services, Verifying certificate services – HP Integrated Lights-Out User Manual

Directory services 139

To validate the setup, you should have the directory distinguished name for at least one user and the

distinguished name of a security group the user is a member of.

Introduction to certificate services

Certificate Services are used to issue signed digital certificates to network hosts. The certificates are used

to establish SSL connections with the host and verify the authenticity of the host.
Installing Certificate Services allows Active Directory to receive a certificate that allows Lights-Out

processors to connect to the directory service. Without a certificate, iLO 2 cannot connect to the directory

server.
Each directory server that you want iLO 2 to connect to must be issued a certificate. If you install an

Enterprise Certificate Service, Active Directory can automatically request and install certificates for all of

the Active Directory controllers on the network.

Installing certificate services

1.

Select Start>Settings>Control Panel.

2.

Double-click Add/Remove Programs.

3.

Click Add/Remove Windows Components to start the Windows Components wizard.

4.

Select the Certificate Services check box. Click Next.

5.

Click OK at the warning that the server cannot be renamed. The Enterprise root CA option is
selected because there is no CA registered in the active directory.

6.

Enter the information appropriate for your site and organization. Accept the default time period of
two years for the Valid for field. Click Next.

7.

Accept the default locations of the certificate database and the database log. Click Next.

8.

Browse to the c:\I386 folder when prompted for the Windows® 2000 Advanced Server CD.

9.

Click Finish to close the wizard.

Verifying certificate services

Because management processors communicate with Active Directory using SSL, you must create a

certificate or install Certificate Services. You must install an enterprise CA because you will be issuing

certificates to objects within your organizational domain.
To verify that certificate services is installed, select Start>Programs>Administrative Tools>Certification

Authority. If Certificate Services is not installed an error message appears.

Configuring Automatic Certificate Request

To specify that a certificate be issued to the server:

1.

Select Start>Run, and enter mmc.

2.

Click Add.

3.

Select Group Policy, and click Add to add the snap-in to the MMC.

4.

Click Browse, and select the Default Domain Policy object. Click OK.

5.

Select Finish>Close>OK.

6.

Expand Computer Configuration>Windows Settings>Security Settings>Public Key Policies.