Configuring CAC Smartcard Authentication settings
Prerequisites
• An iLO license that supports this feature is installed.
• Optional: Install the LDAP server CA certificates for directory integration.
• Optional: Configure LDAP directory integration in
mode for directory
integration.
Procedure
1.
Click
Security
in the navigation tree, and then click the
CAC/Smartcard
tab.
2. Install a trusted CA certificate
This certificate is used to validate certificates that are presented to iLO. The certificate must be
compliant with the configured iLO security state.
3.
Configure the
Authentication Options
:
a.
Enable
CAC Smartcard Authentication
.
b.
Optional: Enable
CAC Strict Mode
.
4.
Optional (for directory integration): Select an option in the
Directory User Certificate Name Mapping
section.
This setting identifies which portion of your user certificate will be used to identify your directory user
account.
5.
To save the
Authentication Options
and
Directory User Certificate Name Mapping
setting, click
the
Apply
button.
6.
Optional: To import a Certificate Revocation List (CRL), enter a URL in the
Revocation List URL
box,
and then click
Apply.
This step allows you to invalidate previously issued certificates that have been revoked.
The CRL size limit is 100 KB and the CRL must be in DER format.
7. Upload and map a smartcard certificate
to a local iLO user account (when using iLO with local user
authentication only).
CAC smartcard authentication settings
Authentication Options
•
CAC Smartcard Authentication
—Enables and disables authentication through a common access
smartcard.
•
CAC Strict Mode
—Enables or disables CAC Strict Mode, which requires a client certificate for every
connection to iLO. When this mode is enabled, iLO will not accept user names or passwords when
connecting, and only key-based authentication methods are allowed.
242
Configuring CAC Smartcard Authentication settings