Skip to main content
Start a Conversation

Solved!

Go to Solution

ntate

1 Rookie

 • 

11 Posts

2982

September 4th, 2020 02:00

iDRAC Redfish ImportSSLCertificate

Hello Dell community.

Would you please have an example how to upload a company provided key and cer using Redfish.

I am after the syntax please.

/redfish/v1/Dell/Managers/ /DelliDRACCardService/Actions/
DelliDRACCardService.ImportSSLCertificate

I have never configured anything with Redfish before.

Thanks so much.

DELL-Sirisha U

1 Rookie

 • 

30 Posts

September 15th, 2020 07:00

Hi,
Greeting from Dell.

Happy That I was able to help you here.
pls accept this as solution working fine and solving the context.

Hit the Kudos button if you like DellEMC support here.

Thanks
Sirisha K
#IWork4Dell

bigh-aus

1 Rookie

 • 

26 Posts

 • 

5 Points

August 1st, 2025 15:03

Also the ACTUAL UP TO DATE documentation for the API can be found here: https://developer.dell.com/apis/2978/versions/7.xx

(edited)

DELL-Sirisha U

1 Rookie

 • 

30 Posts

September 14th, 2020 10:00

Hi,

Greetings from Dell.
with the information shared and query, about import ssl certificate from redfish.

Need to configure Redfish and upload key ,certificate.
we have few steps as listed.

1. perform get operation : https://IP/redfish/v1/Dell/Managers/iDRAC.Embedded.1/DelliDRACCardService
2. check the Actions such as "Server","CSC","CA","ClientTrustCertificate" with the above output.
3. Import ssl certificate
perform POST operation to import SSL certificate with "CA" SSLCertType
https://IP/redfish/v1/Dell/Managers/iDRAC.Embedded.1/DelliDRACCardService/Actions/DelliDRACCardService.ImportSSLCertificate
BODY:-
{"CertificateType":"CA","SSLCertificateFile":"-----BEGIN CERTIFICATE-----
MIIETzCCAzegAwIBAgIJAOC9QruwhIWtMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD
VQQGEwJJTjESMBAGA1UECAwJS2FybmF0YWthMRIwEAYDVQQHDAlCYW5nYWxvcmUx
FzAVBgNVBAoMDkRlbGwgSW5kaWEgUiZEMSowKAYDVQQLDCFSZW1vdGUgTWFuYWdl
bWVudCBWYWxpZGF0aW9uIFRlYW0xIDAeBgNVBAMMF1JlbW90ZU1nbXRDQS5kcmFj
Q0EuY29tMR8wHQYJKoZIhvcNAQkBFhBzaGluZUBkcmFjQ0EuY29tMB4XDTEyMDgx
MDA4NDQwNloXDTIyMDgwODA4NDQwNlowgb0xCzAJBgNVBAYTAklOMRIwEAYDVQQI
DAlLYXJuYXRha2ExEjAQBgNVBAcMCUJhbmdhbG9yZTEXMBUGA1UECgwORGVsbCBJ
bmRpYSBSJkQxKjAoBgNVBAsMIVJlbW90ZSBNYW5hZ2VtZW50IFZhbGlkYXRpb24g
VGVhbTEgMB4GA1UEAwwXUmVtb3RlTWdtdENBLmRyYWNDQS5jb20xHzAdBgkqhkiG
9w0BCQEWEHNoaW5lQGRyYWNDQS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC76SK8YYsQ1G7raXqEULv789yThwfDF6rqKtid13no9ckNoPZ/NJj8
skIy99Daokl2NmKEP4XZKOFPOlLcSWxkRfipv5L7BUOPbU7OXg9y8R7Yvik0WQzw
v9upfx/XvxrrAuMSfgapLuiU2l5dxcxdq9Ox4YhBgj5652gXOvVVZrwhBTUERJZr
57GHivOvqftN/9j5LKlnz0+wOQ1R1oNXBN7w56iCAfyNWTK0AUaTem60iKB73BVc
SCFUmOBHrDIWh0seOufPrLw8HLBWf3v72RhRNvQ8XQxJ+5RFCnLXqcda5Daj5h1f
5Ur5xFRfahy1/OiTKTgyxmF6N9EGQLzDAgMBAAGjUDBOMB0GA1UdDgQWBBTbzvH0
MeNWbrPMe1cHCCy9psxruDAfBgNVHSMEGDAWgBTbzvH0MeNWbrPMe1cHCCy9psxr
uDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBc+u4sBmyg2Cgd+O9V
wDg+NT/9hllrcDnhBEGSthB33u506v8XdlxoIJ3I6wnEgvExZPV9Pqg/Eih8JmkK
q0Mgh8QMSqLRinNjNG1TQcSEMxFx0WikWv22/SAlAyvj4D6zb8llaK4GXBavOage
By+LL4ogMBr4zZbvzZe5XyYzjMTRBoTKBlEqjAgR+aHq75ljsTFDxu3HbGGwd5BI
SRrVqI0sa+sAbLDvjAIVI723PfBs54T+bFqkQW7UsRhvY3BFM+66wJc05GpvTAQT
C26c6XD8X2d/HmnBu+jl+U7hY/y/W5NZjP8H134rrQinZ8lGmqcMkgOyj2qqBtcW
K/WE
-----END CERTIFICATE-----
"}
4. POST operation should be success with 200 ok message, output msg is 
"Message": "Reset iDRAC to apply new certificate. Until iDRAC is reset, the old certificate will be active.
5. Perform idrac reset

Here is the above commands just need to run as it is.

To cross check
perform post operation to export SSL certificate with "CA" SSLCertType, and compare both imported and exported "CA" SSLCertType
URI:-https://IP/redfish/v1/Dell/Managers/iDRAC.Embedded.1/DelliDRACCardService/Actions/DelliDRACCardService.ExportSSLCertificate
BODY:{"SSLCertType":"CA"}

This is to upload certificate.
pls check on this and let me know for further Info.

Thanks
Sirisha K
#IWork4Dell

 

ntate

1 Rookie

 • 

11 Posts

September 15th, 2020 07:00

Hi Sirisha Sorry about the formatting... Jan

ntate

1 Rookie

 • 

11 Posts

September 15th, 2020 07:00

Hello Sirisha Thanks so much for helping. Works: https://IP/redfish/v1/Dell/Managers/iDRAC.Embedded.1/DelliDRACCardService return, part shown.: { "SSLCertType@Redfish.AllowableValues": [ "CA", "CSC", "ClientTrustCertificate", "Server" ], "target": "/redfish/v1/Dell/Managers/iDRAC.Embedded.1/DelliDRACCardService/Actions/DelliDRACCardService.ExportSSLCertificate" }, Fail: (Downloded the Cert from the iDRAC Web GUI and try to import as "CA" and "Server") curl -d @uploadcertD.json -H Content-Type:application/json https://10.145.103.135/redfish/v1/Dell/Managers/iDRAC.Embedded.1/DelliDRACCardService/Actions/DelliDRACCardService.ImportSSLCertificate -k -u Lab:E2 {"error":{"@Message.ExtendedInfo":[{"Message":"Certificate import operation failed.","MessageArgs":[""],"MessageArgs@odata.count":1,"MessageId":"IDRAC.2.1.LC011","RelatedProperties":[],"RelatedProperties@odata.count":0,"Resolution":"Do the following and retry the operation: 1) WS-Man: Rerun the command or reset the iDRAC by invoking the iDRACReset method which is defined in the DCIM_iDRACCardService class. 2) iDRAC GUI: Restart the iDRAC.","Severity":"Critical"}],"code":"Base.1.5.GeneralError","message":"A general error has occurred. See ExtendedInfo for more information"}} payload: {"CertificateType":"CA","SSLCertificateFile":"-----BEGIN CERTIFICATE----- MIIGzTCCBbWgAwIBAgITfQABYfPffsR5vjtAfwAAAAFh8zANBgkqhkiG9w0BAQsF ADBnMRQwEgYKCZImiZPyLGQBGRYEY29ycDETMBEGCgmSJomT8ixkARkWA2JtdzEW .....y5YR941iBr+X4/E//NjbZyU= -----END CERTIFICATE----- "} Fail: payload {"SSLCertType":"CA"} curl -d @GET_cert.json -H Content-Type:application/json https://10.145.103.135/redfish/v1/Dell/Managers/iDRAC.Embedded.1/DelliDRACCardService/Actions/DelliDRACCardService.ExportSSLCertificate -k -u Lab:E2 {"error":{"@Message.ExtendedInfo":[{"Message":"Certificate does not exist.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"IDRAC.2.1.LC069","RelatedProperties":[],"RelatedProperties@odata.count":0,"Resolution":"No response action is required.","Severity":"Warning"}],"code":"Base.1.5.GeneralError","message":"A general error has occurred. See ExtendedInfo for more information"}} Works: payload {"SSLCertType":"Server"} curl -d @GET_cert.json -H Content-Type:application/json https://10.145.103.135/redfish/v1/Dell/Managers/iDRAC.Embedded.1/DelliDRACCardService/Actions/DelliDRACCardService.ExportSSLCertificate -k -u Laboradmin:E267D465E8BE % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 3002 100 2978 100 24 7173 57 --:--:-- --:--:-- --:--:-- 7175 { "@Message.ExtendedInfo": [ { "Message": "Successfully Completed Request", "MessageArgs": [], "MessageArgs@odata.count": 0, "MessageId": "Base.1.5.Success", "RelatedProperties": [], "RelatedProperties@odata.count": 0, "Resolution": "None", "Severity": "OK" }, { "Message": "Successfully exported SSL Certificate.",

Mahendravaraman

1 Rookie

 • 

3 Posts

 • 

2 Points

June 23rd, 2024 10:30

Any Update on this thread.

I face similar issue while updating my PowerEdge R740xd ssl certificate via redfishAPI

I have my cert.pfx  in pkcs12 format from SSL/TLS Custom Certificate.

(custom certificate in pkcs12b64encodedstring------->b64decode--->openssl pkcs12  -in ilocert.pfx -out cert.pfx -nodes)

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Trying to use API to import certificate

URL: /redfish/v1/Dell/Managers/iDRAC.Embedded.1/DelliDRACCardService/Actions/DelliDRACCardService.ImportSSLCertificate

body payload

         CertificateType: "Server"
         Passphrase: "xxxxxxxxxxxxxxxxxxxx"
         SSLCertificateFile: "cert.pfx "

Always I am getting import certificate failed. can you help me.

tried with CertificateType as CA and Server also tried cert.pfx in different format. All my trials ended with import failure

DELL-Young E

Moderator

 • 

5.4K Posts

 • 

37 Points

June 26th, 2024 06:57

Hello the command you ran seems to be still working, we tested.
We also found a similar discussion here https://dell.to/4cdMzFN (it is best to open an official case at this point- https://dell.to/3RLc2hr)
It is most likely the issue with the way certificate is generated or exported I'm thinking.
Respectfully,

bigh-aus

1 Rookie

 • 

26 Posts

 • 

5 Points

August 1st, 2025 00:50

Actually it would havbe been better to pur more information publicly - eg show us a fake upload with curl with a server and a cert.

bigh-aus

1 Rookie

 • 

26 Posts

 • 

5 Points

August 1st, 2025 01:59

I finally found it after 6 hours of searching.  I want my time back Dell.  Submitted feedback on the api, also left a github issue.

https://github.com/dell/iDRAC-Redfish-Scripting/blob/468fcd2424434d65902a290ca20b69dd7c1a4ca3/Redfish%20Python/ExportImportSSLCertificateREDFISH.py#L216


The endpoint you want to upload a key is which was NOT in the API docs:
/redfish/v1/Managers/iDRAC.Embedded.1/Oem/Dell/DelliDRACCardService/Actions/DelliDRACCardService.UploadSSLKey


Putting it here since it was impossible to find! hopefully it helps other automate in the future.

DELL-Joey C

Moderator

 • 

4.2K Posts

 • 

21K Points

August 1st, 2025 07:48

Hi, 

 

Thanks for sharing your findings. Appreciate it. Thanks for helping others. 

Was this post helpful?

View All

No Events found!

Top