Dell OpenManage Server Administrator (OMSA) 8.4 introduced a bug where the self-signed SSL certificate generated during OMSA installation is created with an expiration date before the creation date.
This causes most web browsers and security scanners to notify the user that the certificate is invalid and therefore not trustworthy. However, most browsers will still allow the user to proceed with caution.
Also, when creating a replacement self-signed certificate within the OMSA web GUI or CLI the expiration date of the resultant certificate appears to be only a few weeks after creation despite OMSA allowing a certificate validity period up to 3650 days (10 years).
This invalid certificate is only created during new OMSA 8.4 installation. Upgrades from previous OMSA versions will retain the existing valid certificate.
There is a manual workaround for creating a proper self-signed certificate:
1) In a Windows shell:
cd "C:\Program Files\Dell\SysMgt\jre\bin" or in Linux shell: cd /opt/dell/srvadmin/lib64/openmanage/jre/bin/
2) Create the certificate:
keytool -genkey --dname "CN=localhost, ou=Dell, O=Dell, c=FR" -alias dellcert --storepass Dell123 -validity 900 -keyalg RSA -keysize 2048 -sigalg SHA256withrsa --storetype pkcs12 -keystore delcert.pfx
3) Verify certificate values:
keytool -list -keystore delcert.pfx -storepass Dell123 -storetype PKCS12 -v
4) Have OMSA CLI install the certificate into its keystore (which has a hidden password)
omconfig preferences webserver attribute=uploadcert certfile=delcert.pfx type=pkcs12 password=Dell123 webserverrestart=true