Each directory server that you want RILOE II to connect to must be issued a certificate. If you install an Enterprise Certificate Service, Active Directory can automatically request and install certificates for all of the Active Directory controllers on the network.

Certificates

By default, RILOE II creates a self-signed certificate for use in SSL connections. The self-signed certificate enables RILOE II to work without any additional configuration steps. The security features of RILOE II can be enhanced by importing a trusted certificate.

Generate Certificate Request—RILOE II can create a CR (in PKCS #10 format), which can be sent to a CA. The certificate request is Base64 encoded. A CA processes the request and returns a response (X.509 certificate) that can be imported into RILOE II.

The CR contains a public/private key pair that is used for validation of communications between the client browser and RILOE II. The generated CR is held in memory until a new CR is generated, a certificate is imported by this process, or RILOE II is reset. This means you can generate the CR and copy it to the client clipboard, leave the RILOE II website to retrieve the certificate, and then return to import the certificate.

When submitting the request to the CA, be sure to:

Use the RILOE II name as listed on the System Status page as the URL for the server.

Request the certificate be generated in the RAW format.

Include the Begin and End certificate lines.
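A pre-flight check for the clipboard hand-off described above, as an added example that is not part of the HP manual: it confirms that pasted text still has its Begin and End lines, decodes as Base64, and holds one complete DER structure. The function names and the filler sample are assumptions constructed here; only the outer framing is checked, not signatures or certificate contents.

```python
import base64
import binascii
import re

# PEM labels used for PKCS #10 requests and X.509 certificates
LABELS = {
    "request": ("CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"),
    "certificate": ("CERTIFICATE",),
}
ARMOR = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END ([A-Z0-9 ]+)-----", re.S)

def der_sequence_ok(der):
    """True if der is exactly one SEQUENCE (tag 0x30) whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem(text, kind):
    """Return a list of problems in pasted PEM text; an empty list means it looks intact."""
    m = ARMOR.search(text)
    if not m:
        return ["missing BEGIN or END line"]
    begin, body, end = m.groups()
    problems = []
    if begin != end:
        problems.append("BEGIN and END labels differ")
    if begin not in LABELS[kind]:
        problems.append(f"unexpected label {begin!r} for a {kind}")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except (binascii.Error, ValueError):
        return problems + ["body is not valid Base64"]
    if not der_sequence_ok(der):
        problems.append("decoded data is not one complete DER SEQUENCE (truncated paste?)")
    return problems

def make_sample(label, payload_len=300):
    """Constructed sample: a DER SEQUENCE of filler bytes, not a real request."""
    der = b"\x30\x82" + payload_len.to_bytes(2, "big") + b"\x00" * payload_len
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"
```

Run `check_pem(text, "request")` on the CR before submitting it to the CA and `check_pem(text, "certificate")` on the CA's response before importing it.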

HP 232664-006 manual Certificates