certificates and iLO 2 server names. When the allocated storage is used, no more imports are accepted.
After setting up SSO in iLO 2, log in to HP SIM, locate the LOM processor, and select Tools>System Information>iLO as... HP SIM launches a new browser that is logged in to the LOM management processor.
Adding HP SIM trusted servers
You can install HP SIM server certificates using scripting that is suitable for mass deployment. For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. To add HP SIM server records using a browser:
1. Click Administration>Security>HP SIM SSO.
2. Click Add an HP SIM Server.
3. To authenticate the server, choose one of the following:
   o To add an HP SIM server using Trust by Name authentication, enter the full network name of the HP SIM server in the Add a Trusted HP SIM Server Name section. Click Add Server Name.
     Trust by Name authentication uses fully qualified domain names; for example, sim-host.hp.com instead of sim-host. If you are unsure of the fully qualified domain name, use the nslookup host command.
   o To retrieve and import a certificate from a trusted HP SIM server, enter the full network name of an HP SIM Server in the Retrieve and import a certificate from a trusted HP SIM Server section. Click Import Certificate to request the certificate from the HP SIM server and automatically import it. This record supports SSO Trust by Name and SSO Trust by Certificate.
   To prevent any certificate tampering, directly import an HP SIM server certificate. To directly import an HP SIM server certificate, retrieve the HP SIM certificate data using one of the following options:
     - Using a separate browser window, browse to the HP SIM server using the URL:
       http://<sim network address>:280/GetCertificate
       Cut and paste the certificate data from HP SIM into iLO 2.
     - Export the HP SIM server certificate from the HP SIM user interface by selecting Options>Security>Certificates>Server Certificate. Open the file using a text editor, and copy and paste all the certificate raw data into iLO 2.
     - Using command-line tools on the HP SIM server, the HP SIM certificate can be extracted using the tomcat-coded alias for the HP SIM certificate. For example:
       mxcert -l tomcat
   The certificate data resembles:
   -----BEGIN CERTIFICATE-----
   several lines of encoded data
   -----END CERTIFICATE-----
   After pasting the HP SIM server base-64 encoded X.509 certificate data into the Directly import a HP SIM Server Certificate section, click Import Certificate to record the data. This type of record supports SSO Trust by Name and SSO Trust by Certificate.
There are other ways to retrieve HP SIM server certificate data. For more information, see your HP SIM documentation.
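An added example, not part of the HP guide: the GetCertificate URL above is plain HTTP, so before pasting a browser-fetched certificate into iLO 2 you can check that its SHA-256 fingerprint equals that of the copy exported on the HP SIM server itself. The function names are hypothetical and the sample certificate bytes are constructed placeholders.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Matches one PEM certificate block, tolerating CRLF and surrounding page text.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL
)

def extract_der(pasted: str) -> bytes:
    """Decode the single certificate block found in pasted text to DER bytes."""
    blocks = PEM_RE.findall(pasted)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate block, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drop line breaks and stray spaces
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc

def fingerprint(pasted: str) -> str:
    """SHA-256 over the DER bytes, as lowercase hex."""
    return hashlib.sha256(extract_der(pasted)).hexdigest()

def same_certificate(pasted: str, trusted_fingerprint: str) -> bool:
    """Compare against a fingerprint recorded on the HP SIM server itself."""
    wanted = trusted_fingerprint.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(fingerprint(pasted), wanted)

def to_pem(der: bytes) -> str:
    """Wrap raw bytes in certificate armor (used only to build sample data)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed sample data: placeholder bytes, not a real HP SIM certificate.
SAMPLE_DER = b"constructed placeholder standing in for DER certificate bytes " * 3
EXPORTED = to_pem(SAMPLE_DER)                      # copy exported on the SIM server
FETCHED = "\r\n" + EXPORTED.replace("\n", "\r\n")  # same data fetched via browser
TAMPERED = to_pem(SAMPLE_DER[:-1] + b"X")          # one byte changed in transit

if __name__ == "__main__":
    trusted = fingerprint(EXPORTED)
    print("fetched copy matches: ", same_certificate(FETCHED, trusted))
    print("tampered copy matches:", same_certificate(TAMPERED, trusted))
```

The comparison accepts fingerprints written as plain hex or as colon-separated uppercase pairs, and pasted text containing more than one certificate block is rejected rather than silently using the first.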