HP 436853-001 manual Importing a certificate, Creating a certificate


putty.exe -load "session name"

Importing a certificate

If you do not want to use the preinstalled public key (certificate), create and install your own private key (certificate). Importing a key or certificate is a one-time procedure that supports both SSH and SSL. The key must be generated using external third-party software, placed on a TFTP server, and uploaded to the LO100. For Microsoft® Windows®, if you do not have a TFTP software package, use TFTPD32.EXE, which is available on the Internet. Linux generally has a TFTP server installed with the operating system. If it is not, see your Linux documentation for more information.

NOTE: When you use the CLP load command with TFTPD32, HP recommends using a 30-second timeout and 6 retries.

NOTE: When using the CLP load command in Linux, set the timeout to 15000000. The firewall built into some Linux systems might not allow the TFTP server to send and receive information. You might have to disable the firewall to allow these connections. If you are experiencing firewall issues, change the firewall settings to allow connections on port 69 (the default port for TFTP servers). See your firewall documentation for additional information.

Creating a certificate

LO100 requires a 1,024-bit DSA key stored in PEM (Base64-encoded) format to be located on a TFTP server. For example, the following process uses Win32 OpenSSL, downloaded from the Shining Light Productions website (http://www.slproweb.com/products/Win32OpenSSL.html), with the commands issued in a DOS window to generate the certificate. To generate a certificate using Win32 OpenSSL:

1. Download Win32 OpenSSL.

2. Install and set up OpenSSL.

3. Using OpenSSL, generate a DSA parameters file:

openssl dsaparam -out server_dsaparam.pem 1024

4. Generate the DSA private key file, called server_privkey.pem:

openssl gendsa -out server_privkey.pem server_dsaparam.pem

5. Generate the DSA certificate (public key) file, called server_cacert.pem:

openssl req -new -x509 -key server_privkey.pem -out server_cacert.pem -days 1095

6. When prompted for a distinguished name, enter an appropriate domain name for the servers receiving the certificate.

7. After creating the certificate, copy it to a TFTP server that is accessible on the same network as LO100.
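Before copying the files to the TFTP server, it is worth confirming that they meet the stated requirement (a 1,024-bit DSA key in PEM format) and that the certificate actually carries the public half of the private key. The script below is an added example, not part of the HP guide; the function names, the temporary-directory demo and the subject name lo100.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the HP guide): pre-upload checks on the files from steps 3-5.

# check_lo100_pair KEY CERT
# Returns 0 only when KEY is a PEM 1,024-bit DSA private key and CERT is a PEM
# X.509 certificate carrying the matching public key; otherwise prints a reason.
check_lo100_pair() {
    key=$1 cert=$2
    for f in "$key" "$cert"; do
        grep -q -e '-----BEGIN ' "$f" 2>/dev/null ||
            { echo "$f: not a PEM file" >&2; return 1; }
    done
    # "openssl dsa" refuses RSA and EC keys, so a failure here means wrong key type.
    keytext=$(openssl dsa -in "$key" -noout -text 2>/dev/null) ||
        { echo "$key: not a DSA private key" >&2; return 1; }
    case $keytext in
        *"(1024 bit)"*) ;;
        *) echo "$key: DSA key is not 1,024 bits" >&2; return 1 ;;
    esac
    # The public key derived from the private key must equal the one in the certificate.
    key_pub=$(openssl dsa -in "$key" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "$cert: not an X.509 certificate" >&2; return 1; }
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "certificate does not match private key" >&2; return 1; }
}

# Demo on throwaway files made with the guide's commands.
# The subject name is a constructed value; -subj replaces the interactive prompt.
demo() {
    d=$(mktemp -d) || return 1
    openssl dsaparam -out "$d/server_dsaparam.pem" 1024 2>/dev/null &&
    openssl gendsa -out "$d/server_privkey.pem" "$d/server_dsaparam.pem" 2>/dev/null &&
    openssl req -new -x509 -key "$d/server_privkey.pem" \
        -out "$d/server_cacert.pem" -days 1095 \
        -subj "/CN=lo100.example.test" 2>/dev/null &&
    check_lo100_pair "$d/server_privkey.pem" "$d/server_cacert.pem"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Usage: sh check_pair.sh server_privkey.pem server_cacert.pem
if [ "$#" -eq 2 ]; then
    check_lo100_pair "$1" "$2" && echo "OK to copy to the TFTP server"
fi
```
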

Installing a certificate or private key through the CLP

To install the certificate, log in to LO100 as administrator through the CLP interface and issue the load command to upload and install the certificate. For example:

load -source <URI> -oemhpfiletype cer

where:
