Integrated Dell Remote Access Controller 9 RACADM CLI Guide

PDF

sekm

Table 1. Details of sekmThe following table provides details about the sekm subcommand:
sekm
Description	The sekm subcommand is used to enable and disable sekm support for a server, rekey sekm-supported devices on a server, and test the SSL connection to a given sekm server. To run this subcommand, you must have the following privileges: Enable—server control and configure iDRAC privileges Disable—server control and configure iDRAC privileges Rekey—server control and configure iDRAC privileges Testserverconnection—server control and configure iDRAC privileges Getstatus—login privileges
Synopsis	NOTE:To run enable, disable, and testserverconnection commands, the target server must have sekm license. racadm sekm getstatus racadm sekm enable NOTE:When you execute racadm sekm enable, a job ID is returned, query this job id to see the status of sekm. If the query reports failure, check the job ID config results or Lifecycle Controller(LC) logs to find the reason for failure. racadm sekm disable racadm sekm disable -purgeKMSKeys racadm sekm rekey <IDRAC FQDD> racadm sekm testserverconnection -p -i <index of the sekm server> racadm sekm testserverconnection -s -i <index of the sekm server> racadm sekm enable -passphrase <password>
Input	-i—Index of the sekm server to test -p—Indicates primary sekm server -s—Indicates secondary sekm server -purgeKMSKeys—Purge the Key Management Server keys -passphrase—To enter a passphrase when updating encryption mode from iLKM to sekm.
Example	To get sekm status: racadm sekm getstatus To enable sekm feature: racadm sekm enable To disable sekm feature: racadm sekm disable To disable sekm feature and purge KMS keys: racadm sekm disable -purgeKMSKeys To request iDRAC to rekey all the devices: racadm sekm rekey iDRAC.Embedded.1 To test primary sekm server connection: racadm sekm testserverconnection -p -i 1 To test the secondary sekm server connection: racadm sekm testserverconnection -s -i 1 To change security mode to sekm from ilkm: racadm sekm enable -passphrase password NOTE:Only one primary server is supported. Option -i should be 1. NOTE:For sekm getstatus, the returned values and their meaning are as follows: Disabled—sekm functionality has been disabled on iDRAC and no sekm functions are available. Enabled—sekm functionality has been enabled on iDRAC and all sekm functions are available. Failed—iDRAC is unable to communicate with the sekm server. Unverified Changes Exist—Changes have been made to the sekm configuration but not yet enabled using the racadm sekm enable command.