55 Posts
0
15768
Problems with certificate for iDRAC 7
We would like to replace the self-signed Dell iDRAC certificate with one signed by our pki infrastructure. I have been using the DigiCertUtil application to create a certificate signing request (CRS). This will contain the fully qualified common name as well as the unqualified name as a subject alternative name (SAN). I use this CRS to create a valid certificate then use DigiCertUtil to export this to a pfx. If I upload this pfx (using a password) to the iDRAC through the iDRAC website, the certificate gets uploaded but then on a racrestart, the certificate has become corrupted. Looking at the certificate, the original certificate contains our valid certificate root and issuing CA and the correct certificate. But iDRAC has tagged on an invalid self-signed bit which, of course, is not trusted by anyone. I was following this:
http://topics-cdn.dell.com/pdf/idrac7-8-with-lc-v2.20.20.20_users-guide_en-us.pdf
I have created the CRS using the iDRAC web interface with the same results. Am I missing something?
john.harris
55 Posts
0
May 16th, 2018 06:00
OK, you have to use the iDRAC website to create the CSR. But you don't appear to be able to add additional SANs. You just upload the .cer - without the private key, which is presumably still on the iDRAC - to the iDRAC. I just need to figure out a way of has hacking the CSR to add SANs
DELL-Shine K
4 Operator
4 Operator
•
3K Posts
0
May 16th, 2018 07:00
One option is create a keypair and signed certificate with subject alternate name outside iDRAC and upload private key and signed certificate to iDRAC. You can refer section 1.2 of below wiki to get more details on this
http://en.community.dell.com/techcenter/systems-management/w/wiki/11443.idrac-web-server-certificate-management
john.harris
55 Posts
0
May 17th, 2018 04:00
Hey Shine
I read this reply from you on another thread and the link didn't work for me: 404 error I would be interested in the workaround. Thanks
MikeyK1970
1 Message
0
November 13th, 2018 11:00
I'm actually having the same issue.
I have the key pair and have been unable to upload it via the RACADM on the iDRAC7 (firmware 2.60.60.60).
I do a help on the "sslkeyupload" and the following is listed in the help file:
NOTE: The specified subcommand is not supported in the interface that is currently being used.
I SSH'd into the iDRAC with root permissions to log into the iDRAC, I executed the "racadm" command to go into racadm mode. I try to use the "sslkeyupload" command and it will not work.
We do not have the racadm module installed on any of our servers.
Fishbat
2 Posts
0
December 11th, 2018 04:00
Trying to do same thing with same results: The specified subcommand is not supported in the interface that is currently being used. Any ideas anyone??
AussieTech
1 Message
1
August 15th, 2019 05:00