3.
Enter the name of a file on an attached media device. Supported formats include .der, .cer, and .crt.
4.
(Optional) To apply a signature GUID to this key:
a.
Select
Signature GUID (optional)
and press
Enter
.
b.
Enter an ID and press
Enter
. Use the following GUID format (36 characters):
11111111-2222-3333-4444-1234567890ab
.
• For Hewlett Packard Enterprise certificates, enter
F5A96B31-DBA0-4faa-
A42A-7A0C9832768E
• For Microsoft certificates, enter
77fa9abd-0359-4d32-bd60-28f4e78f784b
• For SUSE certificates, enter
2879c886-57ee-45cc-b126-f92f24f906b9
5.
Select
Commit changes and exit
.
Delete Platform Key (PK)
Use this option to delete a PK certificate.
NOTE:
Deleting the Platform Key forces Secure Boot to be disabled until you enroll a new PK.
Deleting a PK certificate
Procedure
1.
From the
System Utilities
screen, select
System Configuration
>
BIOS/Platform Configuration
(RBSU)
>
Server Security
>
Secure Boot Settings
>
Advanced Secure Boot Options
>
Platform
Key (PK) Options
>
Delete Platform Key (PK)
and press
Enter
.
2.
Select a key from the list and press
Enter
.
3.
Press
Enter
to delete the key.
Key Exchange Key (KEK) Options
• Enroll KEK Entry
• Delete KEK Entry
Enroll KEK Entry
Use this option to enroll a Key Exchange Key certificate. The Key Exchange Key protects the signature
database from unauthorized modifications. No changes can be made to the signature database without
the private portion of this key.
84
Configuring Server Security