Security and SSL settings

With these functions, you can ensure your iLO’s security settings are as secure as you want them, including using proper SSL certificates for communication.

class hpilo.Ilo
cert_fqdn(use_fqdn)

Configure whether to use the fqdn or the short hostname for certificate requests

get_cert_subject_info()

Get ssl certificate subject information

>>> ilo.get_cert_subject_info()
{'csr_subject_common_name': 'example-server.int.kaarsemaker.net',
 'csr_subject_country': 'US',
 'csr_subject_location': 'Houston',
 'csr_subject_org_name': 'Hewlett-Packard Development Company',
 'csr_subject_orgunit_name': 'ISS',
 'csr_subject_state': 'Texas',
 'csr_use_cert_2048pkey': 'NO',
 'csr_use_cert_custom_subject': 'NO',
 'csr_use_cert_fqdn': 'YES'}
certificate_signing_request(country=None, state=None, locality=None, organization=None, organizational_unit=None, common_name=None)

Get a certificate signing request from the iLO

import_certificate(certificate)

Import a signed SSL certificate

computer_lock_config(computer_lock=None, computer_lock_key=None)

Configure the computer lock settings

fips_enable()

Enable FIPS standard to enforce AES/3DES encryption, can only be reset with a call to factory_defaults. Resets Administrator password and license key

get_encrypt_settings()

Get the iLO encryption settings

>>> ilo.get_encrypt_settings()
/home/dennis/code/python-hpilo/hpilo.py:533: IloWarning: ESKM servers are not configured.
  warnings.warn(child.get('MESSAGE'), IloWarning)
{'enable_redundancy': True,
 'eskm_cert_name': '',
 'eskm_primary_server_address': '',
 'eskm_primary_server_port': 0,
 'eskm_secondary_server_address': '',
 'eskm_secondary_server_port': 0}
mod_encrypt_settings(user_login, password, ilo_group_name, cert_name, enable_redundancy, primary_server_address, primary_server_port, secondary_server_address=None, secondary_server_port=None)

Configure encryption settings

get_fips_status()

Is the FIPS-mandated AES/3DESencryption enforcement in place

>>> ilo.get_fips_status()
{'fips_mode': 'Enabled'}
get_security_msg()

Retrieve the security message that is displayed on the login screen

>>> ilo.get_security_msg()
{'security_msg': 'Enabled',
 'security_msg_text': 'Time is an illusion. Lunchtime doubly so'}
set_security_msg(security_msg, security_msg_text='')

Enables/disables the security message on the iLO login screen and sets its value

get_tpm_status()

Get the status of the Trusted Platform Module

>>> ilo.get_tpm_status()
>>> pprint(my_ilo.get_tpm_status())
{'tpm_enabled': 'No', 'tpm_present': 'No', 'tpm_supported': 'Yes'}