Users Guide
CAUTION: When a new CSR is generated, it overwrites any previous CSR on CMC. If a pending CSR is overwritten
before its server certicate is granted from a certicate authority, CMC does not accept the server certicate because
the information it uses to authenticate the certicate has been lost. Take caution when generating a CSR to prevent
overwriting any pending CSR.
Generating a New Certicate Signing Request Using Web Interface
To generate a CSR using the CMC Web interface:
1.
In the system tree, go to Chassis Overview, and then click Network → SSL. The SSL Main Menu is displayed.
2. Select Generate a New Certicate Signing Request (CSR) and click Next. The Generate Certicate Signing Request (CSR)
page is displayed.
3. Type a value for each CSR attribute value.
4. Click Generate. A File Download dialog box appears.
5. Save the csr.txt le to your management station or shared network. (You may also open the le at this time and save it later.)
You must later submit this le to a certicate authority.
Generating CSR Using RACADM
To generate a CSR, use the objects in cfgRacSecurityData group to specify the values and use the sslcsrgen command to
generate the CSR. For more information, see the Chassis Management Controller for Dell PowerEdge M1000e RACADM Command
Line Reference Guide available at dell.com/support/manuals.
Uploading Server Certicate
After generating a CSR, you can upload the signed SSL server certicate to the CMC rmware. CMC resets after the certicate is
uploaded. CMC accepts only X509, Base 64 encoded Web server certicates.
CAUTION: During the certicate upload process, CMC is not available.
NOTE: If you upload a certicate and try to view it immediately, an error message is displayed indicating that the
requested operation cannot be performed. This happens because the web server is in the process of restarting with the
new certicate. After the web server restarts, the certicate is uploaded successfully and you can view the new
certicate. After uploading a certicate, you may experience a delay of around one minute before being able to view the
uploaded certicate.
NOTE: You can upload a self-signed certicate (generated using the CSR feature) only once. Any attempt to upload the
certicate a second time is not successful, as the private key is deleted after the rst certicate upload.
Uploading Server Certicate Using CMC Web Interface
To upload a server certicate using the CMC Web interface:
1. In the system tree, go to Chassis Overview, and then click Network → SSL. The SSL Main Menu is displayed.
2. Select Upload Server Certicate Based on Generated CSR option and click Next.
3. Click Choose File and specify the certicate le.
4. Click Apply. If the certicate is invalid, an error message is displayed.
NOTE: The File Path value displays the relative le path of the certicate you are uploading. You must type the
absolute le path, which includes the full path and the complete le name and le extension.
Uploading Server Certicate Using RACADM
To upload the SSL server certicate, use the sslcertupload command. For more information, see the Chassis Management
Controller for Dell PowerEdge M1000e RACADM Command Line Reference Guide available at dell.com/support/manuals.
Uploading Webserver Key and Certicate
You can upload a Web server key and a server certicate for the Web server key. The server certicate is issued by the Certicate
Authority (CA).
84