This post is more than 5 years old
1 Rookie
•
55 Posts
0
4037
April 28th, 2020 03:00
Multiple SANs for SSL certificate
I am aware that in iDRAC 9 world (4.10.10.10(Build 32)), one can create a SSL certificate request for an iDRAC through iDRAC Settings > Services > Web Server > SSL Certificate > Generate CSR but can only put in 1 Subject Alternative Names (SANs). I would like more than 1. The documentation on creating CRS through RACADM is very poor: it appears as though using racadm with sslcsrgen you cannot define anything, let alone multiple SANs. I have also used DigiCert Utility to create a certificate with multiple SANs and export it with the private key as a pfx. However, importing this pfx really breaks the iDRAC as the certificate is so untrusted, I cannot use any web browser to connect to it. I had to use racadm to bin off the pfx certificate. Is there a better way?
DELL-Shine K
6 Operator
•
3K Posts
0
April 28th, 2020 04:00
You can give upto 4 SAN when creating CSR from iDRAC. There is only one field on "iDRAC Settings > Services > Web Server > SSL Certificate" page tp specify SAN. On this field you can give to upto 4 SAN by comma separated.
If you are creating CSR and certificate outside iDRAC then you need to upload the private key to iDRAC first using "racadm sslkeyupload" command then upload signed certificate.
john.harris
1 Rookie
•
55 Posts
0
April 28th, 2020 06:00
Thank you Shine, that is very informative. I tried adding more SANs using comma, space, semi-colon, colon and quit after getting the red 'Invalid Alternative Subject Name' warning. I now see that if I had just continued with a comma, it would have been OK. Thanks also for the private key upload tip.