a. Log in to iLO by using the default user credentials.
b. Click Security in the navigation tree, and then click the Encryption tab.
c. Select SuiteB in the Security State menu, and then click Apply.
iLO prompts you to confirm the request.
d. To confirm the request to enable SuiteB, click OK.
iLO reboots with the SuiteB security state enabled. Wait at least 90 seconds before attempting to
re-establish a connection.
e. Log in to iLO again by using the default iLO credentials.
7. Install a trusted certificate.
The default self-signed SSL certificate is not allowed in FIPS mode, and previously installed trusted
certificates are deleted when you set iLO to use the FIPS security state.
8. Verify that IPMI/DCMI over LAN Access and SNMP Access are disabled on the Access Settings
page.
IMPORTANT:
Some iLO interfaces, such as the standards-compliant implementations of IPMI and SNMP, are
not FIPS-compliant and cannot be made FIPS-compliant.
9. Optional: Restore the iLO configuration by using the iLO restore feature or HPONCFG.
User credentials are required when you restore the configuration with HPONCFG, and you must
have the following user privileges: Login, Configure iLO Settings, and Administer User Accounts.
HPONCFG for Windows is not supported when iLO is configured to use the SuiteB security state.
For more information, see iLO backup and restore or the iLO scripting and CLI guide.
10. Optional: If you restored the configuration, set new passwords for local iLO user accounts, and
confirm that IPMI/DCMI over LAN Access and SNMP Access are disabled on the Access Settings
page.
These settings might be reset when you restore the configuration.
11. Optional: Configure the Login Security Banner to inform iLO users that the system is using FIPS
mode.
Connecting to iLO when using higher security states
After you enable a security state that is higher than the default value (Production), iLO requires that you
connect through secure channels by using an AES cipher.
When iLO is configured to use the SuiteB security state, an AES 256 GCM cipher is required.
Web browser
Configure the browser to support TLS 1.2 and an AES cipher. If the browser is not using an AES
cipher, you cannot connect to iLO.
Different browsers use different methods for selecting a negotiated cipher. For more information, see
your browser documentation.
Connecting to iLO when using higher security states 259
To Next Page
Loading...
Need help?
General