Certificates - HP Integrated Lights-Out User Manual

Integrated lights-out firmware 1.91

Include at least three of the four following characteristics:
  o At least one numeric character
  o At least one special character
  o At least one lowercase character
  o At least one uppercase character
Passwords issued for a temporary user ID, password reset, or a locked-out user ID should also conform to
these standards. Each password must be a minimum length of zero characters and a maximum length of
39 characters. The default minimum length is set to eight characters. Setting the minimum password length
to fewer than eight characters is not recommended unless you have a physically secure management
network that does not extend outside the secure data center.

Certificates

By default, iLO creates a self-signed certificate for use in SSL connections. This certificate enables the iLO
to work without any additional configuration steps. The security features of the iLO can be enhanced by
importing a trusted certificate.
Create Certificate Request—iLO can create a CR (in PKCS #10 format), which can be sent to a CA.
This certificate request is base64 encoded. A CA processes this request and returns a response
(X.509 certificate) that can be imported into iLO.
The CR contains a public/private key pair that is used for validation of communications between the
client browser and iLO. The generated CR is held in memory until either a new CR is generated, a
certificate is imported by this process, or the iLO is reset, which means you can generate the CR and
copy it to the client clipboard, leave the iLO website to retrieve the certificate, then return to import
the certificate.
When submitting the request to the CA, be sure to:
  o Use the iLO name as listed on the System Status screen as the URL for the server.
  o Request the certificate be generated in the RAW format.
  o Include the Begin and End certificate lines.
Every time you click Create Certificate Request, a new certificate request is generated, even though
the iLO name is the same.
Import Certificate—If you are returning to the Create Certificate Request page with a certificate to
import, click Import Certificate to go directly to the Certificate Import screen without generating a
new CR. This is important in that a given certificate only works with the keys contained in the CR
from which the certificate was generated. If the iLO has been reset or another CR has been
generated since the CR that was used to request the certificate was generated, then another CR must
be generated and a new certificate procured from the CA.
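
A pre-import check for the key-pairing rule above, as an added example that is not from the HP manual or the iLO firmware: it compares the public key in the saved certificate request with the one in the certificate the CA returned, and rejects input whose Begin/End lines are missing. The function names and the sample data are assumptions constructed for illustration, and the `NEW CERTIFICATE REQUEST` label is accepted as an alternative PEM header.

```python
import base64, re

def pem_to_der(pem, label):
    """Decode one PEM block; raises if the Begin/End lines were not copied."""
    m = re.search(r"-----BEGIN (%s)-----(.+?)-----END \1-----" % label, pem, re.S)
    if not m:
        raise ValueError("PEM Begin/End lines missing or mismatched")
    return base64.b64decode("".join(m.group(2).split()))

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(element):  # yield each child TLV of a constructed DER element
    _, pos, end = read_tlv(element, 0)
    while pos < end:
        nxt = read_tlv(element, pos)[2]
        yield element[pos:nxt]
        pos = nxt

def spki(der, is_cert):
    """SubjectPublicKeyInfo of a PKCS #10 request or an X.509 certificate."""
    fields = list(children(next(children(der))))  # request info / TBSCertificate
    if not is_cert:
        return fields[2]          # version, subject, SPKI
    if fields[0][0] == 0xA0:      # optional explicit [0] version
        fields = fields[1:]
    return fields[5]              # serial, sigAlg, issuer, validity, subject, SPKI

def cert_matches_csr(csr_pem, cert_pem):
    csr = pem_to_der(csr_pem, "(?:NEW )?CERTIFICATE REQUEST")
    return spki(csr, False) == spki(pem_to_der(cert_pem, "CERTIFICATE"), True)

# Constructed sample data: dummy key bytes, no real signature, not from an iLO.
def tlv(tag, *parts):
    body = b"".join(parts)
    return bytes([tag] + ([len(body)] if len(body) < 128 else [0x81, len(body)])) + body

def sample(kind, key):
    alg = name = tlv(0x30)  # empty placeholders
    pk = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a\x03"), tlv(0x05)), tlv(0x03, b"\x00" + key))
    cert = [tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), alg, name, tlv(0x30), name, pk]
    req = [tlv(0x02, b"\x00"), name, pk, tlv(0xA0)]
    der = tlv(0x30, tlv(0x30, *(cert if kind == "CERTIFICATE" else req)), alg, tlv(0x03, b"\x00"))
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (kind, b64, kind)
```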
You can create a certificate request or import an existing certificate using RIBCL XML commands. These
commands enable you to script and automate certificate deployment on iLO servers instead of manually
deploying certificates through the Web interface. For more information, refer to
"CERTIFICATE_SIGNING_REQUEST" and "IMPORT_CERTIFICATE" in the "Remote Insight Command
Language" section.
CERTIFICATE_SIGNING_REQUEST and IMPORT_CERTIFICATE cannot be used with the standard
CPQLOCFG utility. However, you can use the PERL version of CPQLOCFG in combination with these
commands.