Setting up schema-free directory integration, Active directory prerequisites, Introduction to certificate services – HP Integrated Lights-Out 3 User Manual

Page 167: Installing certificate services, Verifying certificate services, Configuring automatic certificate request

Using schema-free directory integration has the following disadvantage:

Group privileges are administered on each iLO. However, this disadvantage has minimal
impact because group privileges rarely change, and the task of changing group membership
is administered in the directory and not on each iLO. HP provides tools that enable you to
make changes to a large number of iLOs at the same time.

Setting up schema-free directory integration

If you want to use the schema-free directory integration method, your system must meet the
prerequisites described in “Active Directory prerequisites” (page 167).

Active Directory prerequisites

SSL must be enabled at the directory level. To enable SSL, install a certificate for the domain in
Active Directory. iLO communicates with the directory only over a secure SSL connection.

To validate the setup, you must have the directory DN of at least one user and the DN of a security
group that the user is a member of.

Introduction to Certificate Services

Certificate Services is used to issue signed digital certificates to network hosts. The certificates are
used to establish SSL connections with the host and verify the authenticity of the host.

Installing Certificate Services enables Active Directory to receive a certificate that allows iLO
processors to connect to the directory service. Without a certificate, iLO cannot connect to the
directory service.

Each directory service that you want iLO to connect to must be issued a certificate. If you install
an Enterprise Certificate Service, Active Directory can automatically request and install certificates
for all Active Directory controllers on the network.
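
One way to confirm the SSL prerequisite from a Windows management host once certificates have been issued. This is an added example, not part of the HP manual; the function name `Test-LdapsCertificate`, the host names, and the 30-day warning window are assumptions, and port 636 is the standard LDAP-over-SSL port.

```powershell
# Added example. Server names passed in are placeholders for your own domain controllers.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory=$true)] [string[]] $Server,  # FQDNs, as the certificates name them
        [int] $Port = 636,                                # standard LDAP-over-SSL port
        [int] $WarnDays = 30                              # flag certificates close to expiry
    )
    foreach ($name in $Server) {
        $row = @{ Server = $name; TlsOk = $false; Protocol = $null; Subject = $null
                  Issuer = $null; NotAfter = $null; ExpiresSoon = $null; Detail = 'OK' }
        $tcp = New-Object System.Net.Sockets.TcpClient
        $ssl = $null
        try {
            $tcp.Connect($name, $Port)
            # No validation callback is supplied, so the default policy applies:
            # the chain must lead to a CA this machine trusts and the name must match.
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
            $ssl.AuthenticateAsClient($name)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $row.TlsOk       = $true
            $row.Protocol    = $ssl.SslProtocol
            $row.Subject     = $cert.Subject
            $row.Issuer      = $cert.Issuer
            $row.NotAfter    = $cert.NotAfter
            $row.ExpiresSoon = ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
        }
        catch {
            # A socket error means the port was unreachable. An error during the handshake
            # means no usable certificate was presented, or it is untrusted, expired or misnamed.
            $row.Detail = $_.Exception.GetBaseException().Message
        }
        finally {
            if ($ssl) { $ssl.Dispose() }
            $tcp.Close()
        }
        New-Object PSObject -Property $row |
            Select-Object Server, TlsOk, Protocol, Subject, Issuer, NotAfter, ExpiresSoon, Detail
    }
}

# Constructed host names; replace with the controllers iLO will be pointed at.
Test-LdapsCertificate -Server 'dc01.example.com', 'dc02.example.com' | Format-List
```

The result reflects the trust store of the machine running the check, so run it from a host that trusts the issuing enterprise CA.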

Installing Certificate Services

Use the following procedure for Windows Server 2008:

1. Navigate to Server Manager.
2. Click Roles in the left pane.
3. Click Add Roles.
4. Select Active Directory Certificate Services.
5. Follow the onscreen instructions. If you are not sure what values to use, accept the default
   values.

Verifying Certificate Services

Because management processors communicate with Active Directory by using SSL, you must create
a certificate or install Certificate Services. You must install an enterprise CA because you will issue
certificates to objects in your organizational domain.

To verify that Certificate Services is installed, select Start→Programs→Administrative
Tools→Certification Authority. An error message appears if Certificate Services is not installed.

For information about the OIDs supported by iLO certificates, see “OID support for certificates”
(page 245).

Configuring Automatic Certificate Request

To specify that a certificate be issued to the server:

1. Select Start→Run, and then enter mmc.
2. Select File→Add/Remove Snap-in.
3. To add the snap-in to MMC, select Group Policy Object, and then click Add.
4. Click Browse, and then select the Default Domain Policy object. Click OK.
