Creating a certificate – HP Lights-Out 100 Remote Management User Manual


NOTE: When you use the CLP load command with TFTPD32, HP recommends using a 4-second timeout and 10 retries.

NOTE: When using the CLP load command in Linux, set the timeout to 4000000. The firewall built into some Linux systems might not allow the TFTP server to send and receive information. You might have to disable the firewall to allow these connections. If you are experiencing firewall issues, change the firewall settings to allow connections on port 69 (the default port for TFTP servers). See your firewall documentation for additional information.

Creating a certificate

LO100 requires a 1,024-bit DSA key stored in PEM (Base64-encoded) format to be located on a TFTP server. For example, the following process uses Win32 OpenSSL, downloaded from the Shining Light Productions website (http://www.slproweb.com/products/Win32OpenSSL.html), and the commands issued in a DOS window to generate the certificate. To generate a certificate using Win32 OpenSSL:

1. Download Win32 OpenSSL.

2. Install and set up OpenSSL.

3. Using OpenSSL, generate a DSA parameters file:

   openssl dsaparam -out server_dsaparam.pem 1024

4. Generate the DSA private key file, called server_privkey.pem:

   openssl gendsa -out server_privkey.pem server_dsaparam.pem

5. Generate the DSA certificate (public key) file, called server_cacert.pem:

   openssl req -new -x509 -key server_privkey.pem -out server_cacert.pem -days 1095

6. When prompted for a distinguished name, enter an appropriate domain name for the servers that will be receiving the certificate.

7. After creating the certificate, copy it to a TFTP server that is accessible on the same network as LO100.
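The following added example (not part of the HP manual) runs steps 3 through 6 without prompts and then checks the result before it is copied to the TFTP server: PEM encoding, a 1,024-bit DSA key, a certificate whose public key matches the private key, and an unexpired validity period. The function names and the -subj value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the HP manual. Function names and the -subj
# value are assumptions; file names and key size follow steps 3 to 5.

# make_lo100_cert DIR CN: run steps 3 to 6 without prompts, writing into DIR.
make_lo100_cert() {
    dir=$1
    cn=$2
    (
        umask 077  # private key readable only by the current user
        openssl dsaparam -out "$dir/server_dsaparam.pem" 1024 2>/dev/null &&
        openssl gendsa -out "$dir/server_privkey.pem" \
            "$dir/server_dsaparam.pem" 2>/dev/null &&
        # -subj supplies the distinguished name that step 6 types in.
        openssl req -new -x509 -key "$dir/server_privkey.pem" \
            -out "$dir/server_cacert.pem" -days 1095 -subj "/CN=$cn"
    )
}

# fail MESSAGE: report a failed check on stderr and return non-zero.
fail() { echo "check failed: $1" >&2; return 1; }

# check_lo100_cert DIR: return 0 only if key and certificate are consistent.
check_lo100_cert() {
    key=$1/server_privkey.pem
    crt=$1/server_cacert.pem
    # Both files must be PEM text, not binary DER.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || fail "key is not PEM" || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" || fail "certificate is not PEM" || return 1
    # The certificate must carry a DSA public key, and the key must be 1,024 bits.
    openssl x509 -in "$crt" -noout -text |
        grep -q 'Public Key Algorithm: dsaEncryption' || fail "not a DSA certificate" || return 1
    openssl pkey -in "$key" -noout -text |
        grep -q 'Key: (1024 bit)' || fail "key is not 1024-bit" || return 1
    # The certificate's public key must be the one derived from the private key.
    [ "$(openssl pkey -in "$key" -pubout)" = \
      "$(openssl x509 -in "$crt" -noout -pubkey)" ] || fail "key and certificate do not match" || return 1
    # The certificate must not already be expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || fail "certificate expired" || return 1
}

# Usage: sh lo100_cert.sh DIR COMMON_NAME
if [ "$#" -eq 2 ]; then
    make_lo100_cert "$1" "$2" && check_lo100_cert "$1"
fi
```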

Before importing a certificate or key, you must disconnect from any remote KVMS sessions. Importing a key or certificate will disconnect your session and reset the LO100 processor. After you import a key or certificate and LO100 confirms a successful upload, you must log back in to LO100.

Installing a certificate or private key through a web browser

The Security Settings page enables you to install new keys and certificates for SSL and SSH
connections.
