April 6th, 2018 12:00

iDrac 8 SSL Certificate Does Not Contain Subject Alternative Name Field

The self-signed SSL certificate generated by the iDrac 8 does not contain the subject alternative name field. As a result, Chrome produces an error (broken HTTPS) since this field is missing.

The same result occurs when using the custom SSL certificate signing option (no SANS field in the resulting certificate).

I've just loaded the latest firmware version I could find for iDrac 8 which is 2.52.52.52 and the issue is still present.  On iDrac 9 this issue does not occur.

Are there any plans to release a firmware update that addresses this issue?  Or is there a workaround to force the iDrac to provide this field in the certificate?

Example below:

Left - iDrac8

Right - iDrac 9 With SAN field

[Screenshot: drac8-drac9 SAN.jpg]

April 11th, 2018 21:00

One option is to create a key pair and signed certificate with subject alternate name outside iDRAC and upload the private key and signed certificate to iDRAC. You can refer to section 1.2 of the wiki below to get more details on this:

http://en.community.dell.com/techcenter/systems-management/w/wiki/11443.idrac-web-server-certificate-management

April 6th, 2018 15:00

Hello

I'm not aware of any plans to change the certificate functionality in the iDRAC7 or 8. Generally, we do not make announcements about upcoming changes with firmware updates. Details about firmware updates are provided when they are released.

You can use our subscription service to be notified when a new update is available for your iDRAC8.

www.dell.com/support/home/drivers/subscription/

Thanks

April 12th, 2018 06:00

Shine,

Thanks for your reply.  Yes, creating the certificate request outside of the iDrac does seem to be a workable solution to this problem.  I think the only downside to this approach is that it would have to be done manually for each idrac. Although I suppose I could create a single certificate that contained the names of all the idrac hostnames on the network.

The SSL signing certificate option is convenient since the same key can be added to all of the idracs on the network which is easy to automate.
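The workaround discussed in this thread (a key pair and certificate with a subject alternative name created outside the iDRAC, optionally one certificate listing several iDRAC hostnames), sketched with OpenSSL as an added example that is not part of any post above or of Dell's documentation. The hostnames, the IP address and the throwaway CA are constructed placeholders; in practice your internal CA does the signing, and the upload step follows the wiki linked above.

```shell
#!/usr/bin/env bash
# Added example. All names and addresses passed in are constructed placeholders.
set -e

# usage: make_idrac_cert OUTDIR FQDN [extra SAN entries such as DNS:host or IP:addr ...]
make_idrac_cert() {
    local out="$1" fqdn="$2" san entry
    shift 2
    san="DNS:${fqdn}"
    for entry in "$@"; do san="${san},${entry}"; done
    mkdir -p "$out"

    # Throwaway signing CA, standing in for an internal CA (assumption).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Lab CA" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null

    # Key pair and CSR generated outside the iDRAC.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=${fqdn}" \
        -keyout "$out/idrac.key" -out "$out/idrac.csr" 2>/dev/null

    # "openssl x509 -req" does not copy extensions from the CSR by default,
    # so the SAN list is supplied at signing time through an extension file.
    printf 'subjectAltName=%s\nextendedKeyUsage=serverAuth\n' "$san" > "$out/san.ext"
    openssl x509 -req -in "$out/idrac.csr" \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -days 365 -sha256 -extfile "$out/san.ext" \
        -out "$out/idrac.crt" 2>/dev/null

    # The private keys are the sensitive artifacts here.
    chmod 600 "$out/idrac.key" "$out/ca.key"
}

# usage: cert_has_san CERT ENTRY   (ENTRY as OpenSSL prints it, e.g. DNS:host)
# Succeeds only if ENTRY appears on the Subject Alternative Name line.
cert_has_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | grep -q -- "$2"
}

# Stand-alone use: ./script OUTDIR FQDN [extra SAN entries...]
if [ "$#" -ge 2 ]; then
    make_idrac_cert "$@"
fi
```

Checking the result with `cert_has_san` before uploading catches the case this thread is about: a certificate that was signed but came back without the SAN field.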
