Unsolved
This post is more than 5 years old
1 Message
0
13319
October 22nd, 2012 20:00
iDrac SSL support - can I use RSA cert with 2048 bit public key?
I am trying to put a cert into my idrac on a dell r710
It seems the only way I can do that is by generating a cert request from the iDrac which seems to have a 1024bit public key.
This is really crappy, These days a 2048bit key should be supported but if I generate the entrire cert from our CA with a 2048 pub key and try to import it with the private key it won't work.
Seems the only way to use SSL is to start with a cert request from the iDrac which means you are stuck with an inadequate 1024bit public key!
Is there anyway to use a cert with better than a 1024bit public key?
Please help!
Fact is ourt CA wont allow certs with lower than 2048bit keys!
No Events found!
DELL-Shine K
6 Operator
•
3K Posts
1
October 23rd, 2012 03:00
We can upload SSL certificate to iDRAC in two ways
1: Create a CSR from iDRAC. Get it signed by a CA then uploads the signed certificate back to iDRAC.
In this method we can use racadm software (Local or Remote Racadm) to created 2048bit keys. Here are the steps
a: Set all objects under cfgRacSecurity Group. Here user can set object "cfgRacSecCsrKeySize" to "2048" to create 2048bit CSR
b: Generate a CSR file on iDRAC
racadm sslcsrgen -g
c: Download the CSR from iDRAC
racadm sslcsrgen -f
d: Get a certificate signed by any CA using the CSR
e: Upload the signed certificate to iDRAC
racadm sslcertupload -t 1 -f
2: Create a key pair and signed certificate outside iDRAC and upload private key and signed certificate to iDRAC
In this method you can create a key pair and get a certificate using the public key. Then we can upload the private key and signed certificate to iDRAC. Before uploading privatekey to iDRAC user need to remove pass phrase.
a: Upload private key to iDRAC
racadm sslkeyupload -f
b: Upload the signed certificate
racadm sslcertupload -t 1 -f