November 12th, 2012 08:00

Dell R720 & R710 iDrac - "appweb < 3.3.3 insecure SSL renegotiation" security risk - How do I fix / resolve?

Hi there,

we've just had our quarterly scan of possible security risks. This is automated software that goes round scanning all IP addresses and ports against known risks. This quarter it has picked the iDRAC management on our R710, R620 & R720 servers as having a security risk. Not all of our iDRACs are at the same firmware level, but one of the affected servers (an R720) is at the latest version currently available, version 1.0.8.42.

Does anyone have any ideas / top tips?

Moderator


November 12th, 2012 10:00

Scottpa100,

What you would need to do is generate a CSR (Certificate Signing Request) for the iDRAC. Then you need to get it approved by a CA (Certification Authority). After that, you would load that to the iDRAC and it shouldn't report further.

Let me know how it goes.

Here's a guide on CSRs - <ADMIN NOTE: Broken link has been removed from this post by Dell>


November 26th, 2012 14:00

I have 12 R710's all with the 1.92 iDRAC6 firmware. Only 6 of my 12 are returning that security issue from a Nessus scan even though all 12 are using the Dell self-signed certificate. I have rescanned them multiple times and always get the same results. They are all on the same network with no firewall. So I am almost certain that paying hundred$ for an SSL cert is not the only option to fix this. I also have the issue where 6 of the 12 self-signed certs use MD5 and others use SHA1 on identical R710's (not the same 6 as above). I have a feeling it has more to do with the original iDRAC version that the server shipped with, regardless of which version it is currently running. I am going to try re-applying the 1.92 and unchecking the retain settings option. This supposedly will regenerate the SSL certs. Hopefully that will fix it without having to spend a ton of money on unnecessary SSL certs.


November 27th, 2012 08:00

I have not tried wiping my config yet since I am remote from the datacenter and would have to manually reconfigure my iDRAC IPs. I did however do an iDRAC reboot on all 6 of my R710s that had the Nessus 61396 warning. I SSH'd into them and ran the "racadm racreset" command. After the iDRAC came back up on all servers I manually rescanned them with Nessus and the 61396 warnings are gone on all of them.
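If you want to confirm a racreset (or firmware update) took effect on a management interface without waiting for the next scheduled scan, the following added example (not code from Dell, Nessus or anyone in this thread) probes for the protocol-level fix behind the "insecure SSL renegotiation" finding: it sends a minimal TLS 1.2 ClientHello with the RFC 5746 renegotiation_info extension and SCSV, then checks whether the ServerHello advertises renegotiation_info (extension 0xff01). The cipher list and the host/port arguments of check_host are assumptions; the parser is the part you can exercise offline against captured ServerHello bytes.

```python
# Constructed probe: does a TLS server advertise RFC 5746 secure renegotiation?
# Example code, not Dell's or Nessus's. True = ServerHello carries renegotiation_info.
import os
import socket
import struct

RENEG_INFO_EXT = 0xFF01  # renegotiation_info extension type
CIPHERS = [0x002F, 0x0035, 0x009C, 0x009D, 0xC013, 0xC014, 0x00FF]  # 0x00FF = TLS_EMPTY_RENEGOTIATION_INFO_SCSV

def build_client_hello() -> bytes:
    suites = b"".join(struct.pack("!H", c) for c in CIPHERS)
    ext = struct.pack("!HHB", RENEG_INFO_EXT, 1, 0)            # empty renegotiated_connection
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"             # TLS 1.2, random, no session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                      # null compression only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # TLS record header

def server_hello_has_reneg_info(data: bytes) -> bool:
    pos = 0
    while pos + 5 <= len(data):                                # walk TLS records
        ctype, rlen = data[pos], struct.unpack("!H", data[pos + 3:pos + 5])[0]
        rec, pos = data[pos + 5:pos + 5 + rlen], pos + 5 + rlen
        if ctype != 0x16 or len(rec) < 42 or rec[0] != 0x02:  # want a complete handshake ServerHello
            continue
        hs_end = 4 + int.from_bytes(rec[1:4], "big")           # more messages may share the record
        p = 4 + 2 + 32                                         # hs header, server_version, random
        p += 1 + rec[p]                                        # session_id
        p += 2 + 1                                             # cipher_suite, compression_method
        if p + 2 > min(hs_end, len(rec)):
            return False                                       # no extensions at all: no RFC 5746
        ext_end = min(hs_end, len(rec), p + 2 + struct.unpack("!H", rec[p:p + 2])[0])
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", rec[p:p + 4])
            if etype == RENEG_INFO_EXT:
                return True
            p += 4 + elen
        return False
    return False                                               # alert, garbage, or no data

def check_host(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:
            data = s.recv(16384)                               # first flight starts with ServerHello
        except socket.timeout:
            data = b""
    return server_hello_has_reneg_info(data)
```

A False result after a reset or firmware update means the interface still negotiates without RFC 5746 and the next scan will most likely flag it again.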
