Unsolved
This post is more than 5 years old
12 Posts
0
6472
Unable to Generate CSR - Error Message Using RACADM
I am having a problem generating a CSR with the iDRAC 6 using racadm. Here are the relevant commands from my script:
racadm config -g cfgRacSecurity -o cfgRacSecCsrKeySize 2048
racadm config -g cfgRacSecurity -o cfgRacSecCsrCommonName %computername%.rc.corp.yyz.org
racadm config -g cfgRacSecurity -o cfgRacSecCsrOrganizationName "YYZ Worldwide"
racadm config -g cfgRacSecurity -o cfgRacSecCsrOrganizationUnit WSTS
racadm config -g cfgRacSecurity -o cfgRacSecCsrLocalityName ORyan
racadm config -g cfgRacSecurity -o cfgRacSecCsrStateName TX
racadm config -g cfgRacSecurity -o cfgRacSecCsrCountryCode US
racadm sslcsrgen -g -f tempcsr.txt
The process is failing on the last step using sslcsrgen. Everything that I can find online shows that the syntax is correct. The error message that I get is “unable to generate csr” so not very helpful.
This only occurs using RACADM - when we use the iDRAC web interface to generate a certificate, it works fine.
Any ideas on what's going on here?
Chris Poblete
19 Posts
0
March 15th, 2012 13:00
Hi Kevin,
What system model are you using and can you tell us the BIOS, iDRAC and racadm versions?
DELL-Kevin Ho
12 Posts
0
March 16th, 2012 15:00
Chris - the system is a PowerEdge R710. It has BIOS version 3.0.0, iDRAC 6 version 1.85 and RACADM version 6.5.0 (Build 867).
Some additional news to report - the problem appears to be resolved. When we modified the script to include the cfgRacSecCsrEmailAddr command - something which is supposed to be optional - it worked. Not sure if this is a bug within RACADM v 6.5.0 or what, but it does seem "fixed" now.
Chris Poblete
19 Posts
0
March 21st, 2012 11:00
Hi Kevin,
It turns out that later versions of iDRAC changed the requirements for CSR generation. For best practice, all fields need to be populated to request CSR.