Users Guide
• Allow the client to authenticate itself to the server.
• Allow both systems to establish an encrypted connection.
This encryption process provides a high level of data protection. CMC employs the 128-bit SSL encryption standard, the most secure
form of encryption generally available for Internet browsers in North America.
The CMC Web server includes a Dell self-signed SSL digital certicate (Server ID). To ensure high security over the Internet, replace
the Web server SSL certicate by submitting a request to CMC to generate a new Certicate Signing Request (CSR).
At boot time, a new self-signed certicate is generated if:
• A custom certicate is not present
• A self-signed certicate is not present
• The self-signed certicate is corrupt
• The self-signed certicate is expired (within 30 day window)
The self-signed certicate displays the common name as <cmcname.domain-name> where cmcname is the CMC host name and
domain-name is the domain name. If domain name is not available it displays only the Partially Qualied Domain Name (PQDN),
which is the CMC host name.
Certicate Signing Request
A Certicate Signing Request (CSR) is a digital request to a certicate authority (referred to as a CA in the Web interface) for a
secure server certicate. Secure server certicates ensure the identity of a remote system and ensure that information exchanged
with the remote system cannot be viewed or changed by others. To ensure the security for your CMC, it is strongly recommended
that you generate a CSR, submit the CSR to a certicate authority, and upload the certicate returned from the certicate authority.
A certicate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening,
identication, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the certicate authority
receives your CSR, they review and verify the information the CSR contains. If the applicant meets the certicate authority’s
security standards, the certicate authority issues a certicate to the applicant that uniquely identies that applicant for transactions
over networks and on the Internet.
After the certicate authority approves the CSR and sends you a certicate, you must upload the certicate to the CMC rmware.
The CSR information stored on the CMC rmware must match the information contained in the certicate.
NOTE: To congure SSL settings for CMC, you must have Chassis Conguration Administrator privilege.
NOTE: Any server certicate you upload must be current (not expired) and signed by a certicate authority.
Related link
Generating a New Certicate Signing Request
Uploading Server Certicate
Viewing Server Certicate
Generating a New Certicate Signing Request
To ensure security, it is strongly recommended that you obtain and upload a secure server certicate to CMC. Secure server
certicates ensure the identity of a remote system and that information exchanged with the remote system cannot be viewed or
changed by others. Without a secure server certicate, CMC is vulnerable to access from unauthorized users.
To obtain a secure server certicate for CMC, you must submit a Certicate Signing Request (CSR) to a certicate authority of your
choice. A CSR is a digital request for a signed, secure server certicate containing information about your organization and a unique,
identifying key.
After generating the CSR, you are prompted to save a copy to your management station or shared network, and the unique
information used to generate the CSR is stored on CMC. This information is used later to authenticate the server certicate you
receive from the certicate authority. After you receive the server certicate from the certicate authority, you must then upload it
to CMC.
NOTE: For CMC to accept the server certicate returned by the certicate authority, authentication information
contained in the new certicate must match the information that was stored on CMC when the CSR was generated.
83