Adding hp sim trusted servers – HP Integrated Lights-Out 2 User Manual

Page 56

Advertising
background image

for certificates and iLO 2 server names. When the allocated storage is used, no more imports
are accepted.

After setting up SSO in iLO 2, log in to HP SIM, locate the LOM processor, select Tools>System
Information>iLO as... HP SIM launches a new browser that is logged in to the LOM management
processor.

Adding HP SIM trusted servers

You can install HP SIM server certificates using scripting that is suitable for mass deployment. For
more information, see the HP Integrated Lights-Out Management Processor Scripting and Command
Line Resource Guide at

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?

contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=135&
prodTypeId=18964&prodSeriesId=1146658

. To add HP SIM server records using a browser:

1.

Click Administration>Security>HP SIM SSO.

2.

Click Add an HP SIM Server.

3.

To authenticate the server, choose one of the following:

To add an HP SIM server using Trust by Name authentication, enter the full network name
of the HP SIM server in the Add a Trusted HP SIM Server Name section. Click Add Server
Name.

Trust by Name authentication uses fully qualified domain names; for example,
sim-host.hp.com

instead of sim-host. If you are unsure of the fully qualified domain

name, use the nslookup host command.

To retrieve and import a certificate from a trusted HP SIM server, enter the full network
name of an HP SIM Server in the Retrieve and import a certificate from a trusted HP SIM
Server section. Click Import Certificate to request the certificate from the HP SIM server
and automatically import it. This record supports SSO Trust by Name and SSO Trust by
Certificate.

To prevent any certificate tampering directly import an HP SIM server certificate. To
directly import an HP SIM server certificate, retrieve the HP SIM certificate date using one
of the following options:

Using a separate browser window, browse to the HP SIM server at

http://<sim

network address>:280/GetCertificate

.

Cut and paste the certificate data from HP SIM into iLO 2.

Export the HP SIM server certificate from the HP SIM user interface by selecting
Options>Security>Certificates>Server Certificate. Open the file using a text editor,
and copy and paste all the certificate raw data into iLO 2.

Using command-line tools on the HP SIM server, the HP SIM certificate can be
extracted using the tomcat-coded alias for the HP SIM certificate. For example:

mxcert -l tomcat

The certificate data resembles:

-----BEGIN CERTIFICATE-----
.
.
.
several lines of encoded data
.
.
.
-----END CERTIFICATE-----

56

Configuring iLO 2

Advertising
Popular Brands
Popular manuals