Directory certificate information tab, Uploading a certificate – HP Onboard Administrator User Manual


Configuring the HP BladeSystem c7000 enclosure and enclosure devices 276

IMPORTANT: If NT Account Name Mapping is used with the global catalog, and the search context is not restrictive enough, or the domain name is not specified, the Onboard Administrator may associate the authenticated user with a user account that has the same name in a different domain. The authenticated user would then receive the authorization of the user in the other domain. To avoid ambiguity when logging on as an LDAP user, select search contexts or provide the domain name.

NOTE: If NT Account Name Mapping is used with the global catalog, and the name cannot be resolved to a single user, then the user is not authorized to access the Onboard Administrator. This may occur with search contexts that are not restrictive enough and if multiple accounts with the same name exist in different domains. To avoid ambiguity, select search contexts.


Click Apply to save settings.

NOTE: Password rules enforced on LDAP servers might be different than password rules enforced for local user accounts. Make sure both sets of rules adhere to security policies.

Directory Certificate Information tab

This screen displays the detailed information for all LDAP certificates that are currently in effect on the Onboard Administrator.

Row               Description
Issued to         The entity to whom the certificate was issued
Issued by         The certificate authority that issued the certificate
Valid from        The date from which the certificate is valid
Valid until       The date the certificate expires
Serial Number     The serial number assigned to the certificate by the certificate authority
Version           Version number of the current certificate
MD5 Fingerprint   Used to validate authenticity; embedded in the certificate
SHA1 Fingerprint  Used to validate authenticity; embedded in the certificate
Public Key        The name of the public key

Click Remove below the LDAP certificate you want to remove from the enclosure.
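
The MD5 Fingerprint and SHA1 Fingerprint rows can be checked against a certificate file you hold. The following is an added example, not part of the HP manual or HP's code: it computes both fingerprints from a PEM certificate and compares them with a value as displayed. The function names, the separator handling and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import ssl

# Constructed sample: arbitrary bytes wrapped as PEM, not a real certificate.
# A fingerprint is a hash of the decoded (DER) bytes, so this is enough to
# exercise the comparison offline.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

HEX_LEN = {"md5": 32, "sha1": 40}  # the two fingerprint rows on the tab


def fingerprints(pem: str) -> dict:
    """Return the MD5 and SHA1 fingerprints of a PEM certificate as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return {algo: hashlib.new(algo, der).hexdigest() for algo in HEX_LEN}


def normalize(displayed: str, algo: str) -> str:
    """Strip separators from a displayed fingerprint and validate its shape."""
    value = re.sub(r"[\s:-]", "", displayed).lower()
    if len(value) != HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", value):
        raise ValueError(f"not a {algo} fingerprint: {displayed!r}")
    return value


def matches(pem: str, displayed: str, algo: str = "sha1") -> bool:
    """True if the certificate's fingerprint equals the displayed value."""
    return hmac.compare_digest(fingerprints(pem)[algo], normalize(displayed, algo))


def fetch_ldaps_cert(host: str, port: int = 636) -> str:
    """Fetch the certificate a domain controller presents on LDAPS.

    The connection is not authenticated, so compare the result with a
    fingerprint read on the domain controller or its CA before trusting it.
    """
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    for algo, value in fingerprints(SAMPLE_PEM).items():
        pairs = ":".join(value[i:i + 2] for i in range(0, len(value), 2))
        print(f"{algo.upper()} Fingerprint: {pairs.upper()}")
```

`normalize` rejects anything that is not exactly a fingerprint of the chosen type, so a truncated or mistyped value raises an error instead of being compared.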

Uploading a certificate

Certificates protect user credentials from "man-in-the-middle" attacks. If certificates are not loaded onto the Onboard Administrator, it is possible for a man-in-the-middle to view LDAP credentials for anyone who logs into the Onboard Administrator. The Onboard Administrator accepts multiple domain controller certificates, which can be uploaded using the Certificate Upload tab under Directory Settings.

To upload a certificate:

1. Obtain the certificate from the domain controller by opening a browser and entering the following address:
   https://<domain controller>:636
   where domain controller is the IP address for your network domain controller
