Configuring Cac Smartcard Authentication Settings - HP HPE iLO 5 User Manual

Configuring CAC Smartcard Authentication settings

Prerequisites
• An iLO license that supports this feature is installed.
• Optional: Install the LDAP server CA certificates for directory integration.
• Optional: Configure LDAP directory integration in Directory Default Schema mode for directory
integration.
Procedure
1. Click Security in the navigation tree, and then click the CAC/Smartcard tab.
2. Install a trusted CA certificate.
This certificate is used to validate certificates that are presented to iLO. The certificate must be
compliant with the configured iLO security state.
3. Configure the Authentication Options:
a. Enable CAC Smartcard Authentication.
b. Optional: Enable CAC Strict Mode.
4. Optional (for directory integration): Select an option in the Directory User Certificate Name Mapping
section.
This setting identifies which portion of your user certificate will be used to identify your directory user
account.
5. To save the Authentication Options and Directory User Certificate Name Mapping setting, click
the Apply button.
6. Optional: To import a Certificate Revocation List (CRL), enter a URL in the Revocation List URL box,
and then click Apply.
This step allows you to invalidate previously issued certificates that have been revoked.
The CRL size limit is 100 KB and the CRL must be in DER format.
7. Upload and map a smartcard certificate to a local iLO user account (when using iLO with local user
authentication only).
CAC smartcard authentication settings
Authentication Options
• CAC Smartcard Authentication—Enables and disables authentication through a common access
smartcard.
• CAC Strict Mode—Enables or disables CAC Strict Mode, which requires a client certificate for every
connection to iLO. When this mode is enabled, iLO will not accept user names or passwords when
connecting, and only key-based authentication methods are allowed.
242 Configuring CAC Smartcard Authentication settings