Certificates – HP Remote Insight Lights-Out Edition II Board User Manual


RILOE II security 67

Each directory server that you want RILOE II to connect to must be issued a certificate. If you install an
Enterprise Certificate Service, Active Directory can automatically request and install certificates for all of
the Active Directory controllers on the network.

Certificates

By default, RILOE II creates a self-signed certificate for use in SSL connections. The self-signed certificate
enables RILOE II to work without any additional configuration steps. The security features of RILOE II can
be enhanced by importing a trusted certificate.

Generate Certificate Request—RILOE II can create a CR (in PKCS #10 format), which can be
sent to a CA. The certificate request is Base64 encoded. A CA processes the request and returns a
response (X.509 certificate) that can be imported into RILOE II.
The CR contains a public/private key pair that is used for validation of communications between the
client browser and RILOE II. The generated CR is held in memory until either a new CR is generated,
a certificate is imported by this process, or RILOE II is reset, which means you can generate the CR
and copy it to the client clipboard, leave the RILOE II website to retrieve the certificate, then return to
import the certificate.
When submitting the request to the CA, be sure to:

• Use the RILOE II name as listed on the System Status page as the URL for the server.
• Request the certificate be generated in the RAW format.
• Include the Begin and End certificate lines.
