Previous Topic

Next Topic


All of the following parameters are optional. If a parameter is not specified, then the parameter value for the specified setting is preserved.

AUTH_TWOFACTOR_ENABLE enables or disables Two-Factor authentication. The possible values are "Yes" and "No."

CERT_REVOCATION_CHECK causes iLO 3 to use the CRL distribution point attribute of the client certificate to download the CRL and check against revocation. The possible values are "Yes" and "No." If this setting is set to Yes, and the CRL cannot be downloaded for any reason, authentication will be denied.

CERT_OWNER_SAN causes iLO 3 to extract the User Principle Name from the Subject Alternative Name, and use that for authentication with the directory, for example: username@domain.extension.

CERT_OWNER_SUBJECT causes iLO 3 to derive the user's distinguished name from the subject name. For example, if the subject name is "/DC=com/DC=domain/OU=organization/CN=user," iLO 3 will derive: "CN=user,OU=organization,DC=domain,DC=com."

The CERT_OWNER_SAN and CERT_OWNER_SUBJECT settings are only used if directory authentication is enabled.

IMPORT_CA_CERTIFICATE imports the certificate into iLO 3 as the trusted Certificate Authority. iLO 3 will only allow client certificates that are issued by this CA. A Trusted CA certificate must be configured in iLO 3 for Two-Factor authentication to function.

IMPORT_USER_CERTIFICATE imports the certificate into iLO 3 and maps it to the specified local user. Any client that authenticates with this certificate will authenticate as the local user to which it is mapped. The SHA1 hash of this certificate will be displayed on the Modify User website for the user to whom it is mapped. If iLO 3 is using directory authentication, client certificate mapping to local user accounts is optional and only necessary if authentication with local accounts is desired.

The IMPORT_CA_CERTIFICATE and IMPORT_USER_CERTIFICATE settings require that base64-encoded certificate data be included between the BEGIN and END tags.