Two-factor authentication user certificates – HP Remote Insight Lights-Out Edition II Board User Manual
Page 64
RILOE II security 64
20.
Choose the certificate that was added to the user in RILOE II. Click OK.
21.
If prompted to do so, insert your smart card, or enter your PIN or password.
After completing the authentication process, you have access to RILOE II.
Setting up directory user accounts:
1.
Obtain the public certificate from the CA that issues user certificates or smart cards in your
organization.
2.
Export the certificate in bas64 encoded format to a file on your desktop, for example, CAcert.txt.
3.
Open the file in Notepad, select all the text, and copy the contents to the clipboard by pressing the
Ctrl+C keys.
4.
Log in to RILOE II and browse to the Two-Factor Authentication Settings page.
5.
Click Import Trusted CA Certificate. Another page appears.
6.
Click the white text area so that your cursor is in the text area, and paste the contents of the
clipboard by pressing the Ctrl+V keys.
7.
Click Import Root CA Certificate. The Two-Factor Authentication Settings page appears again
with information displayed under Trusted CA Certificate Information.
8.
Change Enforce Two-Factor authentication to Yes.
9.
Change Check for Certificate Revocation to No (default).
10.
Change Certificate Owner Field to SAN. For more information, See the "Two-Factor Authentication
Settings (on page
11.
Click Apply. RILOE II is reset. When RILOE II attempts to go to the login page again, the browser
displays the Client Authentication page with a list of certificates that are available to the system.
12.
Select the certificate added to the user in RILOE II. Click Ok.
13.
If prompted to do so, insert your smart card, or enter your PIN or password. The login page should
be displayed with the e-mail address for the user in the Directory User field. You cannot change the
Directory User field.
14.
Enter the password for the directory user. Click Login.
After completing the authentication process, you have access to RILOE II. See the "Directory settings (on
page
)" section for more information on configuring directory users and privileges.
Two-factor authentication user certificates
To authenticated a user through locally on RILOE II, a certificate must be associated with the user's local
user name. On the Administration>Modify User page, if a certificate has been mapped to the user a
thumbprint (an SHA1 hash of the certificate) appears with a button that removes the certificate. If a
certificate has not been mapped to the user,
Thumbprint: A certificate has NOT been
mapped to this user
appears with a button that starts the certificate import process.
To set up a user for two-factor authentication and add a user certificate:
1.
Log in to RILOE II using an account that has the Configure RILOE II Settings privilege. Click
Administration.
2.
Select a user.
3.
Click View/Modify.
4.
Under the User Certificate Information section, click Add a certificate.
5.
On the Map User Certificate page, paste the user certificate into the text-box and click Import
Certificate. For more information on creating, copying, and pasting certificate information, See the
"Setting up two-factor authentication for the first time (on page