IT _Admin0723
asked on
IMM/ILO using smartcard authentication
Has anyone set up ILO and IMM using smart card authentication? And if yes, how did you set it up correctly?
ASKER CERTIFIED SOLUTION
Not really into IMM for IBM but looking at its possible user profile for login, the use of LDAP
http://www.cisco.com/c/en/us/td/docs/wireless/module/imm/user/guide/imm_guide/03_Configuring_IMM.html#wp1057831
I see there is certificate possible to state and issue user account with smartcard based certificate (like any smartcard logon enrollment for client machine) for the use of web browser to get into IMM running the Secure Web server supporting SSL connection.
Configure SSL security for LDAP connections: http://www.cisco.com/c/en/us/td/docs/wireless/module/imm/user/guide/imm_guide/03_Configuring_IMM.html#wp1059179
a. Disable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page.
b. Generate or import a certificate. Use the SSL Client Certificate Management area on the Security page (see "SSL client certificate management" section).
c. Import one or more trusted certificates. Use the SSL Client Trusted Certificate Management area on the Security page (see "SSL client trusted certificate management" section).
d. Enable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page (see "Enabling SSL for the LDAP client" section).
Focusing on SSL client
The SSL client requires that a valid certificate and corresponding private encryption key be installed before SSL is enabled. Two methods are available for generating the private key and required certificate: using a self-signed certificate, or using a certificate signed by a certificate authority. http://www.cisco.com/c/en/us/td/docs/wireless/module/imm/user/guide/imm_guide/03_Configuring_IMM.html#wp1059410
The procedure for generating the private encryption key and certificate for the SSL client is the same as the procedure for the SSL server, except that you use the SSL Client Certificate Management area of the Security Web page instead of the SSL Server Certificate Management area. If you want to use a self-signed certificate for the SSL client, see "Generating a self-signed certificate" section. If you want to use a certificate authority signed certificate for the SSL client, see "Generating a certificate-signing request" section.
Better to consult IBM folks, and I will not be surprised if they may suggest their Tivoli Access Manager: http://www-01.ibm.com/support/knowledgecenter/SS9JLE_8.1.0/com.ibm.itamesso.doc_8.1/common/smart_cards_support_enabling.html?lang=en
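A pre-import check for the CA-signed route described in the answer above, as an added example that is not part of the original post or the vendor guide: it confirms that a signed certificate carries the same public key as the CSR it was issued for, that it is not about to expire, and whether it is self-signed or CA-signed. It assumes the CSR and the certificate are available as PEM files; the file names and function names are hypothetical.

```shell
#!/bin/sh
# Added example: offline checks on an SSL client certificate before it is
# imported. Uses only the openssl CLI; nothing here contacts an IMM.

# Print the PEM public key of a CSR ($1 = req) or certificate ($1 = x509).
pubkey_of() { openssl "$1" -in "$2" -noout -pubkey 2>/dev/null; }

# Succeeds only if the certificate was issued for the key in the CSR.
# Returns 2 if either file cannot be parsed, 1 on a mismatch.
cert_matches_csr() {  # $1 = CSR file, $2 = certificate file
    a=$(pubkey_of req "$1") || return 2
    b=$(pubkey_of x509 "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Classify by name: subject equal to issuer is reported as self-signed
# (the signature itself is not verified here), anything else as ca-signed.
cert_kind() {  # $1 = certificate file
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    if [ "$s" = "$i" ]; then echo self-signed; else echo ca-signed; fi
}

# Run all checks; $3 is the minimum remaining validity in days (default 30).
check_before_import() {  # $1 = CSR, $2 = certificate, $3 = days
    days=${3:-30}
    cert_matches_csr "$1" "$2" || {
        echo "FAIL: certificate public key does not match the CSR"; return 1; }
    openssl x509 -in "$2" -noout -checkend $((days * 86400)) >/dev/null || {
        echo "FAIL: certificate expires within $days days"; return 1; }
    echo "OK: $(cert_kind "$2") certificate matches the CSR"
}

# Stand-alone use: sh check.sh client.csr client.pem [days]
if [ "$#" -ge 2 ]; then
    check_before_import "$@"
fi
```

A mismatch here usually means the CA signed a request from a different device or from an earlier key generation, and importing that certificate would leave the SSL client without a usable key pair.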