PowerFlex Management Platform: Unable to Change iDRAC Password when Using Custom SSL Certs

Summary: iDRAC password cannot be changed through the PowerFlex Management Platform (PFMP) web UI when using custom SSL certificates.


Instructions

Scenario

The default PFMP self-signed certificate has been replaced with a custom PFMP SSL certificate.

The thin-deployer logs report the following error:

requests.exceptions.SSLError: HTTPSConnectionPool(host='10.10.10.25', port=443): Max retries exceeded with url: /httpshare/download/idrac_config_xml/10.10.10.21.config.xml (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))
Aug 05,2024 17:05:55 ERROR,An unknown error occurred in snmp_idrac_settings for 10.10.10.21 - 996293b3-9997-4793-a00d-3ce9aa05f78e
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.10.10.25', port=443): Max retries exceeded with url: /httpshare/download/idrac_config_xml/10.10.10.21.config.xml (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))
    raise SSLError(e, request=request)

Impact

Unable to update the iDRAC Resource Credential password through the PFMP UI under the Resources tab. 

Cause

The system accesses the HTTPS ingress using its external IP but relies on the internal PFMP platform CA certificate for SSL certificate validation. If an end user uploads their own Appliance SSL certificate, the custom certificate replaces the default SSL certificate. This includes Ingress IPs that match the source network. The iDRAC network does not match the custom certificate's SAN configuration.
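The following triage helper is an added example, not Dell or PFMP code. It pulls the ingress host, iDRAC IP and OpenSSL verify reason out of thin-deployer log text, labels the failure as an issuer-trust or a SAN problem, and checks whether a host is listed in a certificate's SAN. The log line and certificate dict are constructed samples, and `classify`, `parse_failures` and `san_covers` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample in the shape of the thin-deployer error quoted in this article.
SAMPLE_LOG = (
    "urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.10.10.25', port=443): "
    "Max retries exceeded with url: /httpshare/download/idrac_config_xml/10.10.10.21.config.xml "
    "(Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] "
    "certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))\n"
)
# Constructed certificate summary, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {"subjectAltName": (("DNS", "pfmp.example.test"), ("IP Address", "192.0.2.10"))}

POOL_RE = re.compile(r"HTTPSConnectionPool\(host='([^']+)', port=(\d+)\).*?url: (\S+)")
REASON_RE = re.compile(r"certificate verify failed: (.+?) \(_ssl\.c")
IDRAC_RE = re.compile(r"/idrac_config_xml/(\d{1,3}(?:\.\d{1,3}){3})\.config\.xml")

def classify(reason):
    """Map an OpenSSL verify reason to the part of the certificate setup to inspect."""
    r = reason.lower()
    if "local issuer" in r or "self-signed" in r or "self signed" in r:
        return "issuer-not-trusted"   # client trust store lacks the presented cert's CA
    if "mismatch" in r:
        return "san-mismatch"         # name or IP dialed is not in the certificate SAN
    return "other"

def parse_failures(log_text):
    """Return one record per distinct certificate verification failure in the log."""
    seen, records = set(), []
    for line in log_text.splitlines():
        pool, reason = POOL_RE.search(line), REASON_RE.search(line)
        if not (pool and reason):
            continue
        idrac = IDRAC_RE.search(pool.group(3))
        key = (pool.group(1), int(pool.group(2)), idrac.group(1) if idrac else None, reason.group(1))
        if key not in seen:
            seen.add(key)
            records.append(dict(zip(("ingress", "port", "idrac", "reason"), key),
                                kind=classify(key[3])))
    return records

def san_covers(cert, host):
    """True if host (IP literal or DNS name) appears in the certificate's SAN entries."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() in {v.lower() for t, v in sans if t == "DNS"}  # exact match only
    return any(t == "IP Address" and ipaddress.ip_address(v) == ip for t, v in sans)
```

Pass the thin-deployer log text to `parse_failures`, then pass each record's `ingress` value and the custom certificate's `getpeercert()` dict to `san_covers`.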

Resolution

  1. Open a support case if you must leverage PFxM to automate the iDRAC password change. This requires reverting to the default Ingress PFMP certificate. A support engagement is required to perform this operation.
  2. The end-user can manually change the iDRAC password through the iDRAC web UI. Be sure to update the iDRAC credentials in PFxM to match the password in iDRAC.

Log in to iDRAC web UI > iDRAC Settings > Users > Local Users > Edit > Save

Example:

Screenshot of setting change

Impacted Versions

PFMP 4.6.x and earlier

Affected Products

PowerFlex rack RCM Software

Article Properties

Article Number: 000258783
Article Type: How To
Last Modified: 11 Dec 2024
Version:  1