john.harris
1 Nickel

Problems with certificate for iDRAC 7

We would like to replace the self-signed Dell iDRAC certificate with one signed by our PKI infrastructure. I have been using the DigiCertUtil application to create a certificate signing request (CSR). This will contain the fully qualified common name as well as the unqualified name as a subject alternative name (SAN). I use this CSR to create a valid certificate, then use DigiCertUtil to export this to a pfx. If I upload this pfx (using a password) to the iDRAC through the iDRAC website, the certificate gets uploaded, but then on a racrestart the certificate has become corrupted. Looking at the certificate, the original certificate contains our valid certificate root and issuing CA and the correct certificate. But iDRAC has tagged on an invalid self-signed bit which, of course, is not trusted by anyone. I was following this:

http://topics-cdn.dell.com/pdf/idrac7-8-with-lc-v2.20.20.20_users-guide_en-us.pdf 

I have created the CSR using the iDRAC web interface with the same results. Am I missing something?

0 Kudos
1 Solution

Accepted Solutions
john.harris
1 Nickel

Re: Problems with certificate for iDRAC 7

OK, you have to use the iDRAC website to create the CSR. But you don't appear to be able to add additional SANs. You just upload the .cer - without the private key, which is presumably still on the iDRAC - to the iDRAC. I just need to figure out a way of hacking the CSR to add SANs.

0 Kudos
6 Replies
Re: Problems with certificate for iDRAC 7

One option is to create a key pair and signed certificate with subject alternate name outside iDRAC and upload the private key and signed certificate to iDRAC. You can refer to section 1.2 of the wiki below to get more details on this.

http://en.community.dell.com/techcenter/systems-management/w/wiki/11443.idrac-web-server-certificate...

Thanks-


Shine

0 Kudos
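
One way to prepare the key pair and a CSR carrying both names outside the iDRAC, as the reply above suggests. This is an added example, not code from the thread or from Dell's wiki; it assumes OpenSSL on an admin workstation and an RSA 2048 key, and the helper names (`make_csr`, `csr_sans`, `key_matches_cert`), hostnames and file names are placeholders.

```bash
#!/usr/bin/env bash
# Added example. Hostnames and file names are constructed placeholders.

# make_csr FQDN SHORTNAME OUTDIR
# Writes OUTDIR/idrac.key (RSA 2048, unencrypted PEM) and OUTDIR/idrac.csr
# with CN=FQDN and both names as DNS subject alternative names.
make_csr() {
    local fqdn="$1" short="$2" out="$3"
    mkdir -p "$out" || return 1
    cat > "$out/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = $fqdn
[v3_req]
subjectAltName = DNS:$fqdn, DNS:$short
EOF
    # Subshell keeps the restrictive umask local: key readable by owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -config "$out/req.cnf" \
          -keyout "$out/idrac.key" -out "$out/idrac.csr" 2>/dev/null )
}

# csr_sans CSRFILE: print the DNS SAN entries of the request, one per line,
# so the names can be confirmed before the request goes to the CA.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# key_matches_cert KEYFILE CERTFILE
# Succeeds only if the certificate carries the public half of KEYFILE.
# Check this before uploading the pair; a mismatched pair cannot work.
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

For example, `make_csr idrac-r720.corp.example idrac-r720 ./out` followed by `csr_sans ./out/idrac.csr` should list both names. The private key is written unencrypted (`-nodes`), so restrict access to the output directory and remove the key file once it is no longer needed there.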
john.harris
1 Nickel

Re: Problems with certificate for iDRAC 7

Hey Shine

I read this reply from you on another thread and the link didn't work for me: 404 error. I would be interested in the workaround. Thanks

0 Kudos
MikeyK1970
1 Copper

Re: Problems with certificate for iDRAC 7

I'm actually having the same issue.

I have the key pair and have been unable to upload it via the RACADM on the iDRAC7 (firmware 2.60.60.60).

I do a help on the "sslkeyupload" and the following is listed in the help file:

NOTE: The specified subcommand is not supported in the interface that is currently being used.

I SSH'd into the iDRAC with root permissions to log into the iDRAC, then executed the "racadm" command to go into racadm mode. I try to use the "sslkeyupload" command and it will not work.

We do not have the racadm module installed on any of our servers.

0 Kudos
Fishbat
1 Copper

Re: Problems with certificate for iDRAC 7

Trying to do the same thing with the same results: The specified subcommand is not supported in the interface that is currently being used. Any ideas, anyone??

0 Kudos
AussieTech
1 Copper

Re: Problems with certificate for iDRAC 7

This link appears to be dead.
0 Kudos