IT _Admin0723

asked on

IMM/ILO using smartcard authentication

Has anyone set up ILO and IMM using smart card authentication? If yes, how did you set it up correctly?
ASKER CERTIFIED SOLUTION
btan

This solution is only available to members.
IT _Admin0723

ASKER

Hi, thanks BTAN for the info. What about IMM for IBM? Do you have any ideas?
btan

Not really into IMM for IBM, but looking at its possible user profile for login, there is the use of LDAP:
http://www.cisco.com/c/en/us/td/docs/wireless/module/imm/user/guide/imm_guide/03_Configuring_IMM.html#wp1057831 

I see it is possible to state a certificate and issue a user account with a smartcard-based certificate (like any smartcard logon enrollment for a client machine), for use by the web browser to get into the IMM running the secure web server supporting SSL connections.

Configure SSL security for LDAP connections:

 a. Disable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page.
 b. Generate or import a certificate. Use the SSL Client Certificate Management area on the Security page (see "SSL client certificate management" section).
 c. Import one or more trusted certificates. Use the SSL Client Trusted Certificate Management area on the Security page (see "SSL client trusted certificate management" section).
 d. Enable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page (see "Enabling SSL for the LDAP client" section).

http://www.cisco.com/c/en/us/td/docs/wireless/module/imm/user/guide/imm_guide/03_Configuring_IMM.html#wp1059179

Focusing on the SSL client:
The SSL client requires that a valid certificate and corresponding private encryption key be installed before SSL is enabled. Two methods are available for generating the private key and required certificate: using a self-signed certificate, or using a certificate signed by a certificate authority.
 
The procedure for generating the private encryption key and certificate for the SSL client is the same as the procedure for the SSL server, except that you use the SSL Client Certificate Management area of the Security Web page instead of the SSL Server Certificate Management area. If you want to use a self-signed certificate for the SSL client, see "Generating a self-signed certificate" section. If you want to use a certificate authority signed certificate for the SSL client, see "Generating a certificate-signing request" section.
 http://www.cisco.com/c/en/us/td/docs/wireless/module/imm/user/guide/imm_guide/03_Configuring_IMM.html#wp1059410

Better to consult the IBM folks, and I will not be surprised if they suggest their Tivoli Access Manager: http://www-01.ibm.com/support/knowledgecenter/SS9JLE_8.1.0/com.ibm.itamesso.doc_8.1/common/smart_cards_support_enabling.html?lang=en
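
A pre-flight check for steps b and c of the procedure quoted above, as an added example that is not part of the original thread or of the IMM documentation: it uses the OpenSSL command line to confirm that a certificate matches its private key, chains to the CA you plan to import as trusted, and is not about to expire. The function names, file names and throwaway test PKI are constructed for illustration, and PEM-encoded files are assumed.

```shell
#!/bin/sh
# Pre-flight checks on certificate files before loading them into the
# management module's SSL client pages (steps b and c above).
# All file names and the test PKI are constructed for this example.

# cert_matches_key CERT KEY: true when the certificate's public key is the
# one that belongs to the private key (step b: certificate + private key).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# chains_to CA CERT: true when CERT verifies against the CA file that is
# about to be imported as a trusted certificate (step c).
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# not_expired CERT [SECONDS]: true when CERT is still valid SECONDS from now.
not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# make_test_pki DIR: build a throwaway CA, an LDAP server certificate, a
# client certificate, and an unrelated self-signed certificate.
make_test_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    for n in ldap client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$n.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null || return 1
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}
```

Source the file and point the three checks at your own PEM files, or call `make_test_pki` on a scratch directory first to see a passing and a failing case.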