Configuring iLO 2 48
10.
From your desktop, open the file for the user certificate in Notepad, select all the text, and copy the
text to the clipboard by pressing the
Ctrl+C
keys.
11.
Browse to the User Administration page on iLO 2, and select the user for which you have obtained a
public certificate or create a new user.
12.
Click
View/Modify.
13.
Click
Add a certificate.
14.
Click inside the white text area so that your cursor is in the text area, and paste the contents of the
clipboard by pressing the
CTRL+V
keys.
15.
Click
Add user Certificate
. The Modify User page appears again with a 40-digit number in the
Thumbprint field. You can compare the number to the thumbprint displayed for the certificate by
using Microsoft® Certificate Viewer.
16.
Browse to the Two-Factor Authentication Settings page.
17.
Select
Enabled
for the Two-Factor Authentication option.
18.
Select
Disabled
for the Certificate Revocation Checking option. This value is the default.
19.
Click
Apply
. iLO 2 is reset. When iLO 2 attempts to go to the login page again, the browser
displays the Client Authentication page with a list of certificates that are available to the system.
If the user certificate is not registered on the client machine, you will not see it in the list. The user
certificate must be registered on the client system before you can use it. If there are no client
certificates on the client system you might not see the Client Authentication page and instead see a
Page cannot be displayed error. To resolve the error, the client certificate must be registered on the
client machine. For more information on exporting and registering client certificates, see the
documentation for your smart card or contact your certificate authority.
20.
Select the certificate that was added to the user in iLO 2. Click
OK.
21.
If prompted to do so, insert your smart card, or enter your PIN or password.
After completing the authentication process, you have access to iLO 2.
Setting up directory user accounts
1.
Obtain the public certificate from the CA that issues user certificates or smart cards in your
organization.
2.
Export the certificate in Base64-encoded format to a file on your desktop (for example, CAcert.txt).
3.
Open the file in Notepad, select all the text, and copy the contents to the clipboard by pressing the
Ctrl+C
keys.
4.
Log in to iLO 2, and browse to the
Two-Factor Authentication Settings
page.
5.
Click
Import Trusted CA Certificate
. Another page appears.
6.
Click inside the white text area so that your cursor is in the text area, and paste the contents of the
clipboard by pressing the
Ctrl+V
keys.
7.
Click
Import Root CA Certificate
. The Two-Factor Authentication Settings page appears again with
information displayed under Trusted CA Certificate Information.
8.
Change Enforce Two-Factor authentication to
Yes
.
9.
Change Certificate Revocation Checking to
No (default)
.
10.
Change Certificate Owner Field to
SAN
. For more information, see the "Two-Factor Authentication
(on page
46
)" section.
11.
Click
Apply
. iLO 2 is reset. When iLO 2 attempts to go to the login page again, the browser
displays the Client Authentication page with a list of certificates that are available to the system.