- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: iLO Client side cert (2-factor) auth failing
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2006 04:59 AM
тАО09-20-2006 04:59 AM
iLO Client side cert (2-factor) auth failing
I've repeated this several times by switching in and out of 2-factor auth. Following the re-boot- that occurs after re-enabling 2-factor auth I can get in on 1st attempt but not again. This suggests that there is nothing particularly wrong with the certificate side of this. Any known bugs?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2006 10:52 PM
тАО09-20-2006 10:52 PM
Re: iLO Client side cert (2-factor) auth failing
You might have enabled the 2-factor on this iLO.
If so, you may have problems with your certificate or your client does not have a cert that iLO is looking for. Find out that your client have the correct cert in your smartcard device.
If your client cert is good, than you will need to disable 2-factor and recheck your 2-Factor certificates in iLO.
To disable 2-factor, press F8 at boot to get into the iLO RBSU setup, or run hponcfg with the Mod_2Factor.xml script from the OS(Windows or Linux).
Sample script is at http://h18000.www1.hp.com/support/files/Server/us/download/23218.html
hponcfg is at
http://h18007.www1.hp.com/support/files/server/us/download/23045.html
Hope this works!!!!!
Regards,
rmn
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2006 11:49 PM
тАО09-20-2006 11:49 PM
Re: iLO Client side cert (2-factor) auth failing
Thanks for responding to this one but I can't see a problem with any of the certificates, as the first 2-factor authentication ALWAYS works. Furthermore I've now tried with three different CAs and each gives the same problem. I've also tried with two different servers (both DL380s with iLO V1.82), again with the same results.
Given the consistency of the problem, this has to be a configuration issue of some sort but I can't see what this can possibly be. Any idea what certificate attributes are checked as part of the SSL handshake (e.g. is the CN checked against the username)?
Cheers,
Steve.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2006 04:25 AM
тАО09-21-2006 04:25 AM
Re: iLO Client side cert (2-factor) auth failing
First, try the latest iLO firmware. There is a bug fix related to certificate expiration. While that is probably not related to this issue, it is a 2-factor change.
Also, the 2-factor support for iLO user accounts tests that:
1: the client certificate (stored in the token) was stored by the imported root CA,
and
2: The client certificate thumbprint matches the one stored for the user account.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2006 08:06 AM
тАО09-21-2006 08:06 AM
Re: iLO Client side cert (2-factor) auth failing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-22-2006 02:24 AM
тАО09-22-2006 02:24 AM
Re: iLO Client side cert (2-factor) auth failing
I have to conclude form this that there's a small bug in the iLO server web front-end. Hopefully HP will fix this at some point but in the meantime I have a working solution. Thanks to all that replied.
Steve.