Supported ssl options, Using ssl, Ssh overview – HP Lights-Out 100 Remote Management User Manual


Using Integrated Lights-Out 100

Lights-Out 100 requires a 2048-bit DSA key, stored in PEM (base64-encoded) format, to be located on a TFTP server. The following instructions use Win32 OpenSSL, downloaded from the Shining Light Productions website (http://www.slproweb.com/products/Win32OpenSSL.html). Use the following commands in a DOS window to generate the certificate:

1. Download Win32 OpenSSL.

2. Install and set up OpenSSL.

3. Using OpenSSL, generate a DSA parameters file:
   openssl dsaparam -out server_dsaparam.pem 2048

4. Generate the DSA private key file, called server_privkey.pem:
   openssl gendsa -out server_privkey.pem server_dsaparam.pem

5. Generate the DSA certificate (public key) file, called server_cacert.pem, from the private key created in step 4:
   openssl req -new -x509 -key server_privkey.pem -out server_cacert.pem -days 1095

6. When prompted for a distinguished name, respond with an appropriate domain name for the server(s) that will receive the certificate.

7. After a certificate has been created and copied to a TFTP server accessible on the same network as the Lights-Out 100, use the CLP interface to log into the Lights-Out 100 as administrator, and issue the command to upload and install the certificate (the following commands can also be found in the /map1 directory):
   load -source <URI> -oemhpfiletype cer

   <URI>: //tftpserver IP/path/filename to be downloaded
   tftpserver: the URL or IP address of the TFTP server containing the certificate
   filename: the file name of the certificate file
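As an added example (not from the HP manual), the following Python code checks that a PEM file holds a DSA key or certificate with the 2048-bit size this section requires, before the file is copied to the TFTP server. The function names, the minimal DER reader and the constructed sample key are assumptions made for illustration; the sample has the right structure but made-up numbers.

```python
import base64, re
DSA_OID = bytes.fromhex("2a8648ce380401")  # DER body of OID 1.2.840.10040.4.1 (id-dsa)

def pem_blocks(text):
    """Yield (label, DER bytes) for every PEM block in text."""
    pat = r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----"
    for label, body in re.findall(pat, text, re.S):
        yield label, base64.b64decode("".join(body.split()))

def tlvs(der):  # split DER bytes into [(tag, value)]; definite lengths only
    out, i = [], 0
    while i + 2 <= len(der):
        tag, n, i = der[i], der[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, i = int.from_bytes(der[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(der):
            raise ValueError("truncated DER")
        out.append((tag, der[i:i + n]))
        i += n
    if i != len(der):
        raise ValueError("truncated DER")
    return out

def dsa_p_bits(der):
    """Bit length of the DSA prime p in a key or certificate, or None if not DSA."""
    items = tlvs(der)
    if len(items) == 6 and all(t == 0x02 for t, _ in items):  # traditional key: version, p, q, g, y, x
        return int.from_bytes(items[1][1], "big").bit_length()
    for (tag, val), nxt in zip(items, items[1:] + [(0, b"")]):
        if tag == 0x06 and val == DSA_OID and nxt[0] == 0x30:  # AlgorithmIdentifier: p, q, g follow
            return int.from_bytes(tlvs(nxt[1])[0][1], "big").bit_length()
        if tag & 0x20 and (bits := dsa_p_bits(val)):  # constructed type: descend
            return bits
    return None

def check_pem(text, required_bits=2048):
    """Return [(label, p_bits, ok)] per PEM block; ok means DSA of the required size."""
    return [(l, b, b == required_bits) for l, der in pem_blocks(text) for b in [dsa_p_bits(der)]]

def tlv(tag, body):  # minimal DER encoder, used only to build the constructed sample
    n, k = len(body), -(-len(body).bit_length() // 8)
    ln = bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + ln + body

def sample_pem(bits):  # constructed sample: right DER shape, made-up numbers, not a usable key
    ints = [0, (1 << (bits - 1)) | 1, 5, 2, 3, 4]
    body = b"".join(tlv(2, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints)
    b64 = base64.encodebytes(tlv(0x30, body)).decode()
    return f"-----BEGIN DSA PRIVATE KEY-----\n{b64}-----END DSA PRIVATE KEY-----\n"
```

To check real files, pass the text of server_privkey.pem or server_cacert.pem to check_pem(); a block that is not DSA is reported with a size of None.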

Supported SSL options

The remote management processor supports version SSLv3/TLSv1 of the protocol. The supported
algorithms are:

Algorithm                Supported version
Symmetric cyphers        DES, 3DES, AES
Asymmetrical encryption  Diffie-Hellman, DSA
Symmetric modes          CBC
Hash algorithms          SHA, SHA1
MAC algorithm            HMAC-SHA
Certificates             X.509v3

Using SSL

If you cannot access the login page, you must verify the SSL encryption level of your browser is set to 128
bits. The SSL encryption level within the management processor is set to 128 bits and cannot be changed.
The browser and management processor encryption levels must be the same.

SSH overview

SSH is a telnet-like program for logging into and for executing commands on a remote machine, which
includes security with authentication, encryption, and data integrity features. The ProLiant ML110 G3
