Manuals / IBM / Computer Equipment / Network Card

IBM Remote Supervisor Adapter II manual Enabling SSL for the LDAP client

Models: Remote Supervisor Adapter II

1 132

Download 132 pages 21.75 Kb

Page 70

Enabling SSL for the LDAP client

The Remove button is now available for the Trusted CA Certificate 1 option. If you want to remove a trusted certificate, click the corresponding Remove button.

You can import other trusted certificates using the Trusted CA Certificate 2 and the Trusted CA Certificate 3 Import buttons.

Enabling SSL for the LDAP client

Use the SSL Client Configuration for LDAP Client area of the Security page to enable or disable SSL for the LDAP Client. To enable SSL, a valid SSL client certificate and at least one trusted certificate must first be installed.

To enable SSL for the client, complete the following steps:

1.In the navigation pane, click Security. A page similar to the one in the following illustration is displayed.

The Security page shows an installed SSL client certificate and Trusted CA

Certificate 1.

2.On the SSL Client Configuration for LDAP Client page, select Enabled in the SSL Client field.

Notes:

a.The selected value (Enabled or Disabled) takes effect immediately.

b.Before you can enable SSL, a valid SSL certificate must be in place.

c.Your LDAP server must support SSL3 or TLS to be compatible with the SSL implementation that the LDAP client uses.

3.Click Save. The selected value takes effect immediately.

Configuring the Secure Shell server

Note: The Secure Shell server feature is not available on all servers.

The Secure Shell (SSH) feature provides secure access to the command-line interface and the serial (text console) redirect features of the Remote Supervisor Adapter II.

62 Remote Supervisor Adapter II SlimLine and Remote Supervisor Adapter II: User’s Guide

Image 70

IBM Remote Supervisor Adapter II manual Enabling SSL for the LDAP client, Configuring the Secure Shell server

Contents

Remote Supervisor Adapter II SlimLine User’s Guideand Remote Supervisor Adapter Page Remote Supervisor Adapter II SlimLine User’s Guideand Remote Supervisor Adapter Seventh Edition April Chapter 2. Opening and using the Web interface ContentsChapter 3. Configuring the Remote Supervisor Adapter Chapter 4. Monitoring remote server status Viewing system health Chapter 6. Command-line interfaceChapter 5. Performing Remote Supervisor Adapter II tasks Appendix A. Getting help and technical assistance ContentsPage Chapter 1. Introduction Remote Supervisor Adapter II features2. Under Product support, click System v Automatic notification and alerts v Automated Server Restart ASR Web browser and operating-system requirements Notices used in this bookPage Chapter 2. Opening and using the Web interface Logging in to the Remote Supervisor Adapter4. The Welcome window opens 5. Click Continue to start the session Link Remote Supervisor Adapter II action descriptionsTable 1. Remote Supervisor Adapter II actions ActionAction Table 1. Remote Supervisor Adapter II actions continuedLink DescriptionLink Attention When you click Restore Defaults, all of theTable 1. Remote Supervisor Adapter II actions continued ActionChapter 3. Configuring the Remote Supervisor Adapter Setting system information Setting server timeouts Chapter 3. Configuring the Remote Supervisor Adapter IIO/S watchdog POST watchdogLoader watchdog Power off delay NMI reset delaySetting the date and time Synchronizing clocks in a network NTP auto-synchronization serviceNTP update frequency NTP server host name or IP addressCreating a login profile Disabling the USB device driver interface4. In the Login ID field, type the name of the profile Supervisor Configuring the global login settingsLogin Profiles Read Only2. In the navigation pane, click Login Profiles Number of previous passwords that cannot be used Configuring remote alert settingsUser login password required Maximum Password AgeConfiguring remote alert recipients v IBM Director Comprehensive Forwarding alerts Setting remote alert attempts Delay between retries Setting remote alertsDelay between entries Remote alert retry limitWarning alerts Setting local events System alertsConfiguring the serial connectors Table 5. Local events4. In the Baud rate field, select the data-transfer rate Field Table 6. Port 1 settingsWhat you type default value is 1 second Configuring the dual serial connectors for serial redirectionstring is issued to the modem, so that the modem will recognize the Escape guardSerial-to-serial redirection a. In the Port function field, select Serial redirecttelnet 192.168.70.125 Press Enter. Connecting to Serial-to-Telnet redirectionExample session username USERID Press Enter password ******** Press Enterv None CLI disabled Configuring the command-line interface settings3. Scroll to the Serial Redirect Settings / CLI Settings area CLI modev Disabled CLI authenticationv Enabled v CLI with user defined keystroke sequencesConfiguring port assignments HTTPSTCP command mode Configuring network interfacesConfiguring an Ethernet connection to the Remote Supervisor Adapter SNMP Agentv Enabled v Try DHCP server. If it fails, use static IP config The default setting is Configuring PPP access over a serial connection Configuring network protocols Configuring SNMPTo configure SNMP, complete the following steps Configuring SMTP Configuring LDAP Setting up a client to use the LDAP serverDomain Source Search DomainRoot DN Service NameGroup Filter Configuring the LDAP search attributes Configuring the LDAP client authenticationBinding Method UID Search Attribute Login Permission AttributeGroup Search Attribute v Reserved bit position 11 This bit is reserved for future use Command mode TCP Command Mode ProtocolService Location Protocol SLP Command mode timeoutAddress type Configuring securitySecure Web server and secure LDAP Multicast addressSSL certificate overview SSL server certificate management Generating a self-signed certificateGenerating a certificate-signing request State or Province Required certificate dataCountry City or LocalityEmail Address Challenge PasswordContact Person Optional certificate dataopenssl req -in csr.der -inform DER -out csr.pem -outform PEM openssl x509 -in cert.pem -inform PEM -out cert.der -outform DEREnabling SSL for the secure Web server SSL client certificate managementSSL client trusted certificate management Configuring the Secure Shell server Enabling SSL for the LDAP clientGenerating a Secure Shell server key Enabling the Secure Shell serverUsing the configuration file Using the Secure Shell serverBacking up your current configuration Restoring and modifying your ASM configuration Restarting ASM Restoring ASM defaultsLogging off 2. If you are running Internet Explorer or Netscape Navigator, click Yes in the confirmation window Page Chapter 4. Monitoring remote server status Viewing system healthSoft Shutdown Warning ResetHard Shutdown Critical Non-recoverableNon-critical Return to normalHard Shutdown Non-recoverableSoft Shutdown Non-criticalViewing the event log Informational Component level VPD Viewing vital product dataMachine level VPD Component Activity LogDiagnostics VPD POST/BIOS VPDASM VPD Field Integrated system management processor VPDTable 16. ASM vital product data continued FunctionPage Server power and restart activity Chapter 5. Performing Remote Supervisor Adapter II tasksPower on server immediately Remotely controlling the power status of a serverPower-on hours Restart countPower off server immediately Remote controlPower on server at specified time Power Off Server Immediately Shut down OS and then power off serverRemote console Remote disk Remote console keyboard support4. Click Save Buttons Page CD-ROM Select FileRemovable Drive USB flash drive2 Select Uninstall/Unplug a device then, click Next Setting up PXE network bootSerial redirection quick setup 3 Click Unplug/Eject a device then, click NextRedirect to Telnet Disable serial redirectSerial pass-thru 3. Use the following information to complete the quick setup informationUpdating firmware e. Click ContinueASM Name Accessing remote adapters through an ASM interconnect networkSystem Health ASM Interconnect Connectionfunction not supported Direct LAN Connectionno LAN support no LAN connectionLogging in to the command-line session Chapter 6. Command-line interfaceAccessing the command line Command syntax4 history x345RSA !0 state enabled -c dthens i 192.168.70.125 -g s Features and limitationsx345RSA history 0 ifconfig eth0 1 readlog 2 readlog 3 readlog x345RSA power on ok x345RSA power state Power Onhelp command Utility commandsexit command history commandfans command Monitor commandsclearlog command readlog commandvolts command syshealth commandtemps command DescriptionSyntax vpd commandServer power and restart control commands DescriptionSerial redirect command power commandreset command console commandDescription Configuration commandsdhcpinfo command SyntaxSyntax ifconfig commandDescription Example ldap commandx345RSA ifconfig eth0 -state enabled SyntaxValues OptionDescription name/ipaddrSyntax ntp commandpasswordcfg command Descriptionx345RSA passwordcfg Security Level Customize -exp cnt nul allowed portcfg commandx345RSA passwordcfg -nul yes ok x345RSA passwordcfg -cnt 5 ok ExampleExample slp commandsrcfg command SyntaxExample ssl commandDescription SyntaxParameters tcpcmdmode commandServer secure transport enable Server Web/CMD key statusSyntax timeouts commandExample DescriptionDescription users commandSyntax Exampleclock command ASM control commandsclearcfg command DescriptionExample resetsp commandupdate command DescriptionExample Page Appendix A. Getting help and technical assistance Using the documentationBefore you call IBM Taiwan product service Software service and supportHardware service and support Getting help and information from the World Wide WebAppendix B. Notices TrademarksImportant notes Appendix B. Notices Page Index A Page continued web site continued support line, telephone numbersPage Part Number 43W7827 Printed in USA 1P P/N 43W7827