M1000e CMC SSL question

Question

Due to our internal SSL policy not allowing self signed certs, I need to apply a certificate to the CMC.  I have an existing wildcard cert that I want to use.  I have it in PFX format and PEM format.  I am assuming I need PEM format since I need to specify a private key file and a certificate file. Problem:  I always get bad file format no matter what I try to use.  I did notice that when trying to generate a new cert, it will only generate a 1024-bit cert and I know that my wildcard cert is a 2048-bit cert.  Is that the issue?  If that is the problem, why does the Dell CMC (and probably the iDRAC controllers for the blades as well) not allow you to generate 2048-bit certs?  I have to jump through hoops with my CA to get 1024-bit certs.  Any ideas?

Kong Yang · Answer

Shawn, Sorry to hear that. I haven't run across this but I've sent a note to PG Engineering. Hope to hear back soon. Regards, KongY

Kong Yang · Answer

Shawn,

Here's the response from PG Engineering. Hope this helps you.

Capable but via CLI only –

The CSR generation does have a default keysize of 1024, but the property validation/constraint also allows keysizes of 2048 and 4096.

With racadm, the value can be changed: racadm config -g cfgRacSecurity -o cfgRacSecCsrKeySize 2048.

Regards,

KongY

Blades

Was this post helpful?