Testing the eskm configuration – HP Integrated Lights-Out 4 User Manual
Page 244
2.
Enter the following information in the Key Manager Configuration section:
•
Group—The Local Group created on the ESKM for use with iLO user accounts and the
keys iLO imports into the ESKM. When keys are imported, they are automatically
accessible to all devices assigned to the same group.
•
ESKM Local CA Certificate Name (optional)—To ensure that iLO is communicating with a
trusted ESKM server, enter the name of the local certificate authority certificate in ESKM.
It is typically named Local CA and is listed in ESKM under Local CAs. iLO will retrieve
the certificate and use it to authenticate the ESKM server(s) for all transactions going
forward.
•
Login Name—The Local User name with administrator permissions that is configured on
the ESKM. This is the ESKM deployment user.
The deployment user account must be created before you add key manager configuration
details in iLO.
•
Password—The password for the Local User name with administrator permissions that is
configured on the ESKM.
3.
Click Update ESKM.
iLO verifies that an iLO account named ilo-<iLO MAC address> exists on the ESKM.
If the account exists, iLO verifies that the account password is correct. If the password is
incorrect, iLO updates the password. This password is automatically generated by iLO and
might have been changed if iLO was restored to the factory default settings. If the account
does not exist, iLO creates it.
If iLO is not a member of an ESKM Local Group, it will try to create a group with the requested
name. If iLO is already a member of an ESKM Local Group, it will ignore the group entered
in
, and will use the existing group assignment that is present on the ESKM. Attempted
group changes in iLO do not affect current key group permissions that are set on the ESKM.
If a new group assignment is needed, you must make the changes on the ESKM before updating
the iLO settings.
If you entered the ESKM Local CA Certificate Name in
, certificate information is listed
in the Imported Certificate Details section of the Enterprise Secure Key Manager page.
See the HP Secure Encryption Installation and User Guide for more information about groups and
their use with key management.
Testing the ESKM configuration
After the key manager configuration is complete in iLO, you can use the Test ESKM Connections
feature to verify the configuration settings. The tests confirm that iLO and the ESKM servers are set
up to provide key management services for HP Secure Encryption. During the test, iLO attempts
the following tasks:
•
Connects to the primary ESKM server (and secondary ESKM server, if configured) by using
SSL.
•
Tries to authenticate to the ESKM by using the configured credentials and account.
•
Confirms that the version of the ESKM software is compatible with iLO.
To test the ESKM configuration:
1.
Navigate to the Administration
→Key Manager page.
2.
Click Test ESKM Connections.
The test results are displayed in the Enterprise Secure Key Manager Events table.
244 Using iLO