Users Guide
NOTE: Any server certificate you upload must be current (not expired) and signed by a certificate authority.
Related links
Generating a New Certificate Signing Request
Uploading Server Certificate
Viewing Server Certificate
Generating a New Certificate Signing Request
To ensure security, it is strongly recommended that you obtain and upload a secure server certificate to CMC. Secure server
certificates ensure the identity of a remote system and that information exchanged with the remote system cannot be viewed or
changed by others. Without a secure server certificate, CMC is vulnerable to access from unauthorized users.
To obtain a secure server certificate for CMC, you must submit a Certificate Signing Request (CSR) to a certificate authority of
your choice. A CSR is a digital request for a signed, secure server certificate containing information about your organization and a
unique, identifying key.
After generating the CSR, you are prompted to save a copy to your management station or shared network, and the unique
information used to generate the CSR is stored on CMC. This information is used later to authenticate the server certificate you
receive from the certificate authority. After you receive the server certificate from the certificate authority, you must then upload it
to CMC.
NOTE: For CMC to accept the server certificate returned by the certificate authority, authentication information
contained in the new certificate must match the information that was stored on CMC when the CSR was generated.
CAUTION: When a new CSR is generated, it overwrites any previous CSR on CMC. If a pending CSR is overwritten
before its server certificate is granted from a certificate authority, CMC does not accept the server certificate because
the information it uses to authenticate the certificate has been lost. Take caution when generating a CSR to prevent
overwriting any pending CSR.
Generating a New Certificate Signing Request Using Web Interface
To generate a CSR using the CMC Web interface:
1. In the system tree, go to Chassis Overview, and then click Network → SSL. The SSL Main Menu is displayed.
2. Select Generate a New Certificate Signing Request (CSR) and click Next. The Generate Certificate Signing Request
(CSR) page is displayed.
3. Type a value for each CSR attribute value.
4. Click Generate. A File Download dialog box appears.
5. Save the csr.txt file to your management station or shared network. (You may also open the file at this time and save it later.)
You must later submit this file to a certificate authority.
Generating CSR Using RACADM
To generate a CSR, use the objects in cfgRacSecurityData group to specify the values and use the sslcsrgen command to
generate the CSR. For more information, see the Chassis Management Controller for Dell PowerEdge M1000e RACADM Command
Line Reference Guide available at dell.com/support/manuals.
Uploading Server Certificate
After generating a CSR, you can upload the signed SSL server certificate to the CMC firmware. CMC resets after the certificate is
uploaded. CMC accepts only X509, Base 64 encoded Web server certificates.
CAUTION: During the certificate upload process, CMC is not available.
NOTE: If you upload a certificate and try to view it immediately, an error message is displayed indicating that the
requested operation cannot be performed. This happens because the web server is in the process of restarting with the
new certificate. After the web server restarts, the certificate is uploaded successfully and you can view the new
certificate. After uploading a certificate, you may experience a delay of around one minute before being able to view the
uploaded certificate.
NOTE: You can upload a self-signed certificate (generated using the CSR feature) only once. Any attempt to upload the
certificate a second time is not successful, as the private key is deleted after the first certificate upload.
85