TLS Session Feature Summary

Feature Description

Secure Communication Protocol Data Transmission

A secure TLS/TCP socket connection is used (over Ethernet and over LAN-over-USB) to transmit and receive data between the IPMI client and the server SP.

Negotiation of Highest Cipher Suite

IPMI/TLS client sessions negotiate the highest cipher suite supported by the server SP.

Authentication

Uses local SP authorization to validate user credentials and to set client session privileges.

Note: LDAP, Active Directory, and RADIUS user authorization are not supported for IPMI/TLS sessions as of firmware Oracle ILOM 3.2.8; only local SP user accounts can be used.

Audit Log of IPMI Login Events

The Audit Log captures all IPMI login events (successful and failed attempts).

SSL Certificate Validation

Automatically validates the SSL certificate presented by the server SP (the certificate the SP also uses for its web server) against the list of trusted certificates stored in the user-specified directory (ipmitool --cert-dir option).

Note that when the IPMI TLS interface (orcltls) cannot validate the certificate against the trusted directory, the user is prompted to compare the fingerprint it displays with the SSL certificate fingerprints recorded on the SP under /SP/services/https/ssl. If no match is found, respond No to abort the session. If a match is found, respond Yes to proceed. Obtain the reference fingerprint over a channel you already trust (for example the ILOM CLI on the serial console or an existing authenticated session), not over the same network path that is being validated; otherwise an attacker in the path could present a certificate of their own together with a matching fingerprint.
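The fingerprint cross-check above is easy to get wrong by hand (mixed case, missing colons, comparing against the wrong digest). The following script is an added example, not part of the Oracle ILOM documentation or of ipmitool: it computes the SHA-256 fingerprint of a certificate saved from the SP, compares it against one or more reference fingerprints in a format-insensitive way, and only then runs an orcltls session. The certificate path sp.pem inside the --cert-dir directory, the host and user names, and reading the password from the IPMI_PASSWORD environment variable (ipmitool -E) are assumptions for illustration; the reference fingerprint is assumed to have been read from /SP/services/https/ssl out of band.

```shell
#!/bin/sh
# Added example: verify the SP certificate fingerprint before trusting it
# for an IPMI/TLS (orcltls) session. Requires the openssl CLI.
set -eu

# SHA-256 fingerprint of a PEM certificate, in the colon-separated
# uppercase form openssl prints (AB:CD:...). Argument: path to PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Canonical form of a fingerprint so that "ab:cd", "ABCD" and "ab cd"
# all compare equal: strip colons and spaces, uppercase the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'
}

# fingerprint_trusted SHOWN TRUSTED...  -> exit 0 if SHOWN matches any of
# the TRUSTED fingerprints after normalisation, exit 1 otherwise.
fingerprint_trusted() {
    shown=$(normalize_fp "$1"); shift
    for trusted in "$@"; do
        [ "$shown" = "$(normalize_fp "$trusted")" ] && return 0
    done
    return 1
}

# run_ipmi_over_tls HOST USER CERT_DIR TRUSTED_FP
# Assumed layout: the SP certificate was saved earlier as CERT_DIR/sp.pem
# (hypothetical file name); TRUSTED_FP is the fingerprint recorded on the
# SP under /SP/services/https/ssl and read over a trusted channel.
# The password is taken from $IPMI_PASSWORD via ipmitool -E so that it
# does not appear in the process list.
run_ipmi_over_tls() {
    sp_host=$1; sp_user=$2; cert_dir=$3; trusted_fp=$4
    fp=$(cert_fingerprint "$cert_dir/sp.pem")
    if fingerprint_trusted "$fp" "$trusted_fp"; then
        ipmitool -I orcltls -H "$sp_host" -U "$sp_user" -E \
            --cert-dir "$cert_dir" chassis status
    else
        echo "refusing to connect: SP certificate fingerprint $fp" \
             "does not match reference $trusted_fp" >&2
        return 1
    fi
}
```

Run it as `IPMI_PASSWORD=... ./check.sh` after adding a call such as `run_ipmi_over_tls sp01.example.net root /etc/ipmi/certs "AB:CD:..."`; a mismatch exits non-zero before any IPMI traffic is sent, which is the behaviour you want from an automated job rather than an interactive Yes/No prompt.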

For information about how to disable the certificate check when the orcltls interface is specified, see Disable Default TLS Behavior for SSL Certificate Check. With the check disabled the session is still encrypted but the SP is no longer authenticated to the client, so limit that setting to controlled situations such as initial provisioning before a trusted certificate is in place.

For information about uploading and managing SSL certificates on the server SP, see Use of Web Server Certificates and SSH Server-Side Keys.