Every time you click Generate Certificate Request, a new certificate request is generated, even though the RILOE II name is the same.

Import Certificate—If you are returning to the Create Certificate Request page with a certificate to import, click Import Certificate to go directly to the Certificate Import page without generating a new CR. A given certificate only works with the keys contained in the CR from which the certificate was generated. If RILOE II is reset or another CR is generated since the CR that was used to request the certificate generated, then another CR must be generated and a new certificate procured from the CA.

You can create a certificate request or import an existing certificate using RIBCL XML commands. These commands enable you to script and automate certificate deployment on RILOE II servers instead of manually deploying certificates through the web interface. For more information, See "CERTIFICATE_SIGNING_REQUEST" and "IMPORT_CERTIFICATE" in the "Remote Insight Command Language (on page 138)" section.

CERTIFICATE_SIGNING_REQUEST and IMPORT_CERTIFICATE cannot be used with the standard CPQLOCFG utility. However, you can use the PERL version of CPQLOCFG in combination with these commands.

Installing certificate services

1.Select Start>Settings>Control Panel.

2.Double-clickAdd/Remove Programs.

3.Click Add/Remove Windows Components to start the Windows Components wizard.

4.Select the Certificate Services check box. Click Next.

5.Click OK at the warning that the server cannot be renamed. The Enterprise root CA option is selected because there is no CA registered in the active directory.

6.Enter the information appropriate for your site and organization. Accept the default time period of two years for the Valid for field. Click Next.

7.Accept the default locations of the certificate database and the database log. Click Next.

8.Browse to the c:\I386 folder when prompted for the Windows® 2000 Advanced Server CD.

9.Click Finish to close the wizard.

Verifying directory services

Because management processors communicate with Active Directory using SSL, it is necessary to create a certificate or install Certificate Services. You must install an enterprise CA because you will be issuing certificates to objects within your organizational domain.

To verify that certificate services is installed:

1.Select Start>Programs>Administrative Tools>Certification Authority.

2.If Certificate Services is not installed an error message appears.

Configuring Automatic Certificate Request

To specify that a certificate be issued to the server:

1.Select Start>Run, and enter mmc.

2.Click Add.

3.Select Group Policy, and click Add to add the snap-in to the MMC.

4.Click Browse, and select the Default Domain Policy object. Click OK.

5.Select Finish>Close>OK.

RILOE II security 68