Enrolling a KEK certificate

  1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Secure Boot Settings > Advanced Secure Boot Options > Key Exchange Key (KEK) Options > Enroll KEK Entry and press Enter.
  2. Select Enroll KEK using File and press Enter.
  3. Enter the name of a file on an attached media device. Supported formats include .der, .cer, and .crt.
  4. (Optional) To apply a signature GUID to this key:
    1. Select Signature GUID (optional) and press Enter.
    2. Enter an ID and press Enter. Use the following GUID format (36 characters): 11111111-2222-3333-4444-1234567890ab.
      • For Hewlett Packard Enterprise certificates, enter F5A96B31-DBA0-4faa-A42A-7A0C9832768E

      • For Microsoft certificates, enter 77fa9abd-0359-4d32-bd60-28f4e78f784b

      • For SUSE certificates, enter 2879c886-57ee-45cc-b126-f92f24f906b9

  5. Select Commit changes and exit.