Skip to main content
Start a Conversation

Unsolved

pbknl

18 Posts

3101

August 5th, 2021 23:00

Install custom certificate on OME without CSR

Hi!,

I'm trying to install a custom certificate on our OpenManage Enterprise (3.7.0 build 82), but when uploading i get an error:

 

Error occurred while uploading SSL certificate:

* CSEC9002 - Unable to upload the certificate because the certificate file provided is invalid.

Recommended action:

* Make sure the CA certificate and private key are correct and retry the operation.

 

I think this is due to the fact I'm not signing the CSR but trying to upload a new PFX or PEM with key/crt/ca-chain.

Unfortunately our internal company CA does not accept CSRs, so i can only generate a key/crt/chain.

 

Does anyone know a workaround?

 

Thanks!

 

 

DELL-Erman O

Moderator

 • 

2.9K Posts

August 6th, 2021 04:00

Hello,

 

As far as I know, creating a CSR outside of the appliance is not supported. When the certificate is installed on the appliance, keychain verification is required. I think authentication fails because the appliance's private key is not used during CSR generation.

 

Also, I checked if there is a workaround for this but as far as I searched I couldn't find it. While digging, I encountered this, in case it might help others, I'd like to share it. Custom SSL Cert Using Microsoft Certificate Authority https://dell.to/2VxcNAr

 

Hope this will help!

pbknl

18 Posts

August 6th, 2021 05:00

Hi Erman,

Thanks for the quick response!, I was afraid for this answer

Can you raise a feature request for this functionality?, it's fairly common to be able to import a PFX/PKCS12 (with key/crt/ca) into a solution.

For example, the Dell idrac does supports this without any issues.

Seems like it's a really easy to implement feature that would help a lot of folks out in similar positions.

For now i guess i'm stuck with the default self signed certificate.

Kind regards,

Peter

 

 

 

DELL-Erman O

Moderator

 • 

2.9K Posts

August 6th, 2021 06:00

Hi Peter,

 

Sure I'm on it. I know there is some restriction on OME when compare with iDRAC for certificates. I'm not certain why these restrictions are on OME. 

 

Regards,

bbosak

3 Posts

March 3rd, 2022 05:00

This is also an issue when trying to pass Qualys Scans for Government Compliance as the QID says a certificate needs to be signed by a trusted third-party Certificate Authority.

It is a bit frustrating dealing with large companies, DELL isn't the only one, that have a difficult time working with certificates.  It's as if security is an after thought even in this day and age.

CSK12

4 Posts

April 27th, 2022 16:00

Is there any solution to this? We want to generate the csr outside of ome , just like how we do  for other servers

DELL-Joey C

Moderator

 • 

4.1K Posts

April 27th, 2022 21:00

Hi @CSK12,

 

After checking out the user guide for the latest OME, it seems the feature has not been implemented. I may suggest to call into support to create a case for feature request to be developed. 

Seven_Dong1

1 Rookie

 • 

6 Posts

January 2nd, 2024 04:08

Hi, @DELL-Joey C, 

Good day,

I am also seeking information about a particular feature. Currently, I am using OME Version 4.0.0 (Build 202), and I am encountering difficulties uploading my certificate into OME. Could you please provide any updates or guidance on this matter?

Thank you.


DELL-Joey C

Moderator

 • 

4.1K Posts

January 2nd, 2024 07:28

Hi,

 

Can you provide more details about the error you encountered and what steps have you taken or how you reproduce the error? What features that you're seeking information about? 

Was this post helpful?

View All

No Events found!

Top