No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionServer Pro Rack Server iBMC (V260 to V278) User Guide 13

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Two-Factor Authentication

Two-Factor Authentication

Function Description

Two-factor authentication allows user access only after both the client certificate and password are correct. It provides more security than the conventional authentication of only the account password.

You can upload the root and client certificates issued by the CA to the iBMC to implement secure connection between the client and the iBMC WebUI.

GUI

Choose Configuration, and select Two-Factor Authentication from the navigation tree.

The Two-Factor Authentication page is displayed.



Description

Table 3-49 Two-Factor Authentication

Parameter

Description

Two-Factor Authentication

Two-factor authentication allows users to log in to the iBMC WebUI only after the certificate and password are correct.

  • : enables two-factor authentication.
  • : disables two factor authentication.
NOTE:
  • After two-factor authentication is enabled, import the root and client certificates. Otherwise, authentication failures may occur in subsequent logins.
  • After two-factor authentication is enabled, the SSH service will be automatically disabled and cannot be enabled manually.

Certificate Revocation Check

Certificate revocation check verifies the validity of the client certificate during authentication. If the client certificate is invalid, the user cannot log in to the iBMC WebUI.

  • : enables certificate validity check.
  • : disables certificate validity check.
NOTE:
The certificate revocation check uses Online Certificate Status Protocol (OCSP). Before enabling the certificate revocation check, ensure that communication between the iBMC and the OCSP server is normal. Otherwise, the web service may become unavailable.

Root Certificate

Root certificates that have been uploaded to the iBMC and their information.

The iBMC supports a maximum of 16 root certificates.

Client Certificate

Client certificates that have been uploaded to the iBMC and their information, such as the user name, role, client certificate fingerprint (hash value of the client certificate file) and status.

The iBMC supports client certificates of a maximum of 16 users.

Procedure

Enabling Two-Factor Authentication and Uploading Certificates to the iBMC

NOTE:
  • Before the operation, apply for the root and client certificates from a formal CA.
  • Base64-coded root and client certificates can be uploaded. Valid root and client certificate formats include *.cer, *.crt, and *.pem.
  1. On the menu bar, choose Configuration.
  2. Select Two-Factor Authentication from the navigation tree.

    The Two-Factor Authentication page is displayed.

  3. Set Two-Factor Authentication to .
  4. Select the Root Certificate tab, click next to Certificate, and select the root certificate to be uploaded.
  5. Click Upload.

    If the certificate is uploaded successfully, Imported successfully will be displayed.

  6. Select the Client Certificate tab, click next to the user name, and select the client certificate to be uploaded.
  7. Click Upload.

    If the certificate is uploaded successfully, Imported successfully will be displayed.

Enabling Certificate Revocation Check

  1. Set Certificate Revocation Check to .

Enabling Certificate Authentication for Accessing the iBMC

NOTE:
After uploading certificates, perform the following operations to enable certificate authentication for users who attempt to log in to the iBMC WebUI.
  1. On the client, open your browser, for example, Google Chrome.
  2. Click at the upper right corner and select Settings.
  3. On the Settings window, click Manage certificates under HTTPS/SSL.
  4. Import the client certificate.
  5. Enter the iBMC login address in the address box of the browser.
  6. Select the client certificate as instructed.

    Login to the iBMC WebUI is successful.

Deleting a Root Certificate

  1. On the Root Certificate tab page, click next to the root certificate to be deleted.

    A confirmation dialog box is displayed.

  2. Click Yes.

Deleting a Client Certificate

  1. On the Client Certificate page, click next to the user whose client certificate is to be deleted.

    A confirmation dialog box is displayed.

  2. Click Yes.

Viewing Root Certificate Details

  1. On the Root Certificate tab page, click before the certificate.

    Detailed information about the certificate is displayed.

Download
Updated: 2019-08-01

Document ID: EDOC1000177670

Views: 148042

Downloads: 654

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next