1. Set up a Smartcard enrollment agent in your directory to assign certificates to the Smartcards.
2. Verify your directory settings can log on to iLO with two-factor disabled.
3. Verify two-factor settings can log on to iLO with Directory disabled.
4. Enable both two-factor and directory. The first logon phase will be logon with the smartcard certificate, then you will see a prompt for the directory password for the Directory User of the SmartCard. Depending on how the certificates are built, you may need to change the "Certificate Owner Field" in the Two Factor Authentication page to "SAN" or "Subject" to get the directory logon to work.
For most customers, the critical factor is the Active Directory setting that says "require smartcard for authentication". iLO LDAP name/password cannot work when that checkbox is checked. iLO Kerberos integrated two-factor authentication can and does.
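To decide between "SAN" and "Subject" for the Certificate Owner Field, it helps to see what each field of the smartcard certificate actually contains and compare it with the directory account. The script below is an added example, not part of the original answer or of any HP tooling; it assumes `openssl` 1.1.1 or later and a certificate whose SAN carries a User Principal Name as an otherName entry, and the function names and sample names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread): print the two certificate
# fields that a "Certificate Owner Field" of "Subject" or "SAN" refers to,
# so they can be compared with the directory user the card belongs to.

# Subject distinguished name in LDAP (RFC 2253) order.
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# User Principal Name stored as an otherName entry in the SAN extension.
# Parsed with asn1parse so the result does not depend on how a given
# OpenSSL version pretty-prints otherName values.
cert_san_upn() {
  _off=$(openssl asn1parse -in "$1" | awk '
    /X509v3 Subject Alternative Name/ { found = 1; next }
    found && /OCTET STRING/ { sub(/:.*/, ""); print $1; exit }')
  [ -n "$_off" ] || return 1          # no SAN extension in this certificate
  openssl asn1parse -in "$1" -strparse "$_off" |
    awk -F: '/UTF8STRING/ { print $NF; exit }'
}

# Constructed sample: a throwaway self-signed certificate with made-up names,
# standing in for a certificate exported from a smartcard.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1.key" -out "$1" \
    -subj "/O=Example/OU=Ops/CN=jadmin" \
    -addext "subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:jadmin@example.test" \
    2>/dev/null
}

# Usage: ./owner-field.sh card-cert.pem
if [ "$#" -ge 1 ]; then
  echo "Subject: $(cert_subject "$1")"
  echo "SAN UPN: $(cert_san_upn "$1" || echo '(none)')"
fi
```

If the SAN line comes back empty, the certificate has no UPN to match against, which points to the "Subject" setting or to reissuing the certificate from a template that includes the UPN.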
Configure SSL security for LDAP connections:
a. Disable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page.
b. Generate or import a certificate. Use the SSL Client Certificate Management area on the Security page (see "SSL client certificate management" section).
c. Import one or more trusted certificates. Use the SSL Client Trusted Certificate Management area on the Security page (see "SSL client trusted certificate management" section).
d. Enable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page (see "Enabling SSL for the LDAP client" section).
The SSL client requires that a valid certificate and corresponding private encryption key be installed before SSL is enabled. Two methods are available for generating the private key and required certificate: using a self-signed certificate, or using a certificate signed by a certificate authority.
The procedure for generating the private encryption key and certificate for the SSL client is the same as the procedure for the SSL server, except that you use the SSL Client Certificate Management area of the Security Web page instead of the SSL Server Certificate Management area. If you want to use a self-signed certificate for the SSL client, see "Generating a self-signed certificate" section. If you want to use a certificate authority signed certificate for the SSL client, see "Generating a certificate-signing request" section.