Two-factor authentication
RILOE II is a powerful tool for managing HP ProLiant servers. To prevent misuse of this tool, access to RILOE II requires reliable user authentication. This firmware release provides a stronger authentication scheme for RILOE II using two factors of authentication: a password or PIN and a private key for a digital certificate. Users are asked to verify their identities by providing both factors. Users can store their digital certificates and private keys wherever they choose, for example, on a smart card, USB token, or hard disk.
Setting up
When setting up
Setting up local user accounts:
1. Obtain the public certificate from the CA that issues user certificates or smart cards in your organization.
2. Export the certificate in Base64 encoded format to a file on your desktop, for example, CAcert.txt.
3. Obtain the public certificate of the user who needs access to RILOE II.
4. Export the certificate in Base64 encoded format to a file on your desktop, for example, Usercert.txt.
5. Open the file CAcert.txt in Notepad, select all of the text, and copy by pressing the Ctrl+C keys.
6. Log in to RILOE II and browse to the
7. Click Import Trusted CA Certificate. Another page appears.
8. Click the white text area so that your cursor is in the text area, and paste the contents of the clipboard by pressing the Ctrl+V keys.
9. Click Import Root CA Certificate. The
10. From your desktop, open the file for the user certificate in Notepad, select all the text, and copy the text to the clipboard by pressing the Ctrl+C keys.
11. Browse to the User Administration page on RILOE II, and select the user for which you have obtained a public certificate or create a new user.
12. Click View/Modify.
13. Click Add a certificate.
14. Click the white text area so that your cursor is in the text area, and paste the contents of the clipboard by pressing the Ctrl+V keys.
15. Click Add user Certificate. The Modify User page appears again with a 40-digit number in the Thumbprint field. You can compare the number to the thumbprint displayed for the certificate by using Microsoft® Certificate Viewer.
16. Browse to the
17. Change Enforce
18. Change Check for Certificate Revocation to No (default).
19. Click Apply. RILOE II is reset. When RILOE II attempts to go to the login page again, the browser displays the Client Authentication page with a list of certificates that are available to the system.
If the user certificate is not registered on the client machine, you will not see it in the list. The user certificate must be registered on the client system before you can use it. If there are no client certificates on the client system, you may not see the Client Authentication page and instead see a Page cannot be displayed error. To resolve the error, the client certificate must be registered on the client machine. For more information on exporting and registering client certificates, see the documentation for your smart card or certificate authority.
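The thumbprint comparison in step 15 can also be done from the exported Base64 file, as in this added example, which is not part of the original HP documentation. It assumes the 40-digit Thumbprint value is the SHA-1 hash of the decoded (DER) certificate, which is what Microsoft Certificate Viewer displays; the function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_thumbprint(b64_text: str) -> str:
    """Return the 40-hex-digit SHA-1 thumbprint of a Base64-exported certificate.

    Accepts the export with or without the BEGIN/END CERTIFICATE lines.
    """
    m = PEM_RE.search(b64_text)
    body = m.group(1) if m else b64_text
    body = "".join(body.split())                 # drop line breaks and spaces
    if not body:
        raise ValueError("no Base64 certificate data found")
    der = base64.b64decode(body, validate=True)  # raises on non-Base64 text
    return hashlib.sha1(der).hexdigest().upper()


def normalize_thumbprint(displayed: str) -> str:
    """Normalize a thumbprint copied from a web page or certificate dialog.

    Removes spaces, colons and the invisible left-to-right mark (U+200E)
    that a copy from a certificate dialog can include, then checks that
    exactly 40 hex digits remain.
    """
    cleaned = re.sub(r"[\s:\u200e]", "", displayed)
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", cleaned):
        raise ValueError("thumbprint must be exactly 40 hex digits")
    return cleaned.upper()


def thumbprints_match(b64_text: str, displayed: str) -> bool:
    """True when the exported certificate hashes to the displayed thumbprint."""
    return cert_thumbprint(b64_text) == normalize_thumbprint(displayed)


if __name__ == "__main__":
    # Constructed stand-in: Base64 of the bytes b"abc", not a real certificate.
    sample = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
    shown = "a9 99 3e 36 47 06 81 6a ba 3e 25 71 78 50 c2 6c 9c d0 d8 9d"
    print(cert_thumbprint(sample), thumbprints_match(sample, shown))
```

In practice, pass the contents of Usercert.txt as the first argument and the value from the Thumbprint field as the second.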