UBruns
1 Nickel

Calling "ImportSSLCertificate" over CimSession

Hi!

I'm trying to call the "ImportSSLCertificate" function of the DCIM_iDRACCardService Class.

[Link to Dell document: http://en.community.dell.com/techcenter/extras/m/white_papers/20442351]

But i always get an error. I think it is a problem with the "SSLCertificateFile" parameter.

The parameter description says: 

A base 64 encoded string of the XML Certificate
file.
Note: For importing CSC certificate, user has to
convert PKCS file to base64 format. Use the
following link to convert the file.

So how must I convert the file, to use it with this function?

Uploading the file over the WebGui was successful.

 

Thanks for reply!

Ulli
[germany]

Tags (1)
0 Kudos
5 Replies

RE: Calling "ImportSSLCertificate" over CimSession

Hello.

So how must I convert the file, to use it with this function?

Yes. To use this function, you must convert the file to base64 format. There is a link provided with instructions to do this. What problems are you experiencing?

Robert Alakara

Dell EMC | Enterprise Services

0 Kudos
UBruns
1 Nickel

RE: Calling "ImportSSLCertificate" over CimSession

Hello.

Thanks for response.

I converted the file content to base64 format and set this as the parameter value.

The function return only with LC011 [Certificate import operation failed.]

Also the wording "A base 64 encoded string of the XML Certificate

file." confuses me. Do I first need to create a XML file, like using the WinRM Tool ???

So I would like to see an example.

I'm using PowerShell with the "Invoke-CimMethod" to execute the function.

Regards

Ulli

0 Kudos
Highlighted

RE: Calling "ImportSSLCertificate" over CimSession

Based on the given information from the link, yes. I have not done this myself before but the same link has quiet helpful information.

Robert Alakara

Dell EMC | Enterprise Services

0 Kudos
UBruns
1 Nickel

RE: Calling "ImportSSLCertificate" over CimSession

Hi Robert!

Sorry, the information are confusing but not very helpful.

I searched the Internet for the term "XML Certificate file", but nothing shows up. So this is not clear!

Would be great to get some more details about how to build the parameter the right way.

Is there any other support channel I can trigger?

I have hundreds of servers to configure, so hunderds of iDRACs... don't want to upload them all over the webgui.. wich is working with generated certificates...

UBruns

0 Kudos
UBruns
1 Nickel

RE: Calling "ImportSSLCertificate" over CimSession

Solved for me!

Ok.. seems that there are some function and documentation errors/issues

First - what I am calling using PowerShell - where

$session is an established CIM-Session to the iDRAC
$certfile is the full path to the certificate file

$certdata = get-content $certfile -raw
$iCardService = Get-CimInstance -CimSession $session -ResourceUri "schemas.dell.com/.../DCIM_iDRACCardService" -Namespace "root/dcim"
$result = Invoke-CimMethod -CimSession $session -InputObject $iCardService -MethodName 'ImportSSLCertificate' -Arguments @{SSLCertificateFile=$certdata;CertificateType=1}

In the documentation (*1) are the following ReturnValues stated:

0 = Completed with no error
2 = Failed

and as returned Message ID:

LC077 = Certificate imported successfully.iDRAC will now restart and be unavailable during restart.
LC011 = Certificate import operation failed.

And here is my "$result | fl" :

Message: Reset iDRAC to apply new certificate. Until iDRAC is reset, the old certificate will be active.
MessageID: DH010
ReturnValue: 2

So what ??? Message sounds good, but this is in an unexpected MessageID and also the ReturnValue says 'Failed'
I expected the documented Message IDs and ReturnValues as documented in my scripts... so every time I stopped the script with an error.

But.. I will give it a try... lets reset the iDRAC (=> reboot the iDRAC)

$result2 = Invoke-CimMethod -CimSession $session -InputObject $iCardService -MethodName 'iDRACReset' -Arguments @{Force=0}

Let us look at this result '$result2 | fl'

Message: iDRAC was successfully reset.
MessageID: RAC064
ReturnValue: 2

Oh... the word 'successfully'.. sounds good... but why is the ReturnValue = 2 (Failed) ???

I don't know. What I know is, the iDRAC was rebooting...

After resetting the iDRAC I connected again to the WebGui and all was fine! The certificate was installed and the browser warnings where gone...

So... I think.. check all function results by yourself... and test it.

UBruns

Documentation Links:

*1 = DCIM iDRAC Card Profile 1.5.4
http://en.community.dell.com/techcenter/extras/m/white_papers/20442351

Tags (1)