Users Guide
certicate authority issues a certicate to the applicant that uniquely identies that applicant for transactions over networks and on the
Internet.
After the certicate authority approves the CSR and sends you a certicate, you must upload the certicate to the CMC rmware. The
CSR information stored on the CMC rmware must match the information contained in the certicate.
NOTE: To congure SSL settings for CMC, you must have Chassis Conguration Administrator privilege.
NOTE: Any server certicate you upload must be current (not expired) and signed by a certicate authority.
Related links
Generating a New Certicate Signing Request
Uploading Server Certicate
Viewing Server Certicate
Generating a New Certicate Signing Request
To ensure security, it is strongly recommended that you obtain and upload a secure server certicate to CMC. Secure server certicates
ensure the identity of a remote system and that information exchanged with the remote system cannot be viewed or changed by others.
Without a secure server certicate, CMC is vulnerable to access from unauthorized users.
To obtain a secure server certicate for CMC, you must submit a Certicate Signing Request (CSR) to a certicate authority of your
choice. A CSR is a digital request for a signed, secure server certicate containing information about your organization and a unique,
identifying key.
After generating the CSR, you are prompted to save a copy to your management station or shared network, and the unique information
used to generate the CSR is stored on CMC. This information is used later to authenticate the server certicate you receive from the
certicate authority. After you receive the server certicate from the certicate authority, you must then upload it to CMC.
NOTE
: For CMC to accept the server certicate returned by the certicate authority, authentication information contained in
the new certicate must match the information that was stored on CMC when the CSR was generated.
CAUTION: When a new CSR is generated, it overwrites any previous CSR on CMC. If a pending CSR is overwritten before its
server certicate is granted from a certicate authority, CMC does not accept the server certicate because the information it
uses to authenticate the certicate has been lost. Take caution when generating a CSR to prevent overwriting any pending CSR.
Generating a New Certicate Signing Request Using Web Interface
To generate a CSR using the CMC Web interface:
1 In the system tree, go to Chassis Overview, and then click Network > SSL. The SSL Main Menu is displayed.
2 Select Generate a New Certicate Signing Request (CSR) and click Next. The Generate Certicate Signing Request (CSR) page
is displayed.
3 Type a value for each CSR attribute value.
4 Click Generate. A File Download dialog box appears.
5 Save the csr.txt le to your management station or shared network. (You may also open the le at this time and save it later.) You must
later submit this le to a certicate authority.
Generating CSR Using RACADM
To generate a CSR, use the objects in cfgRacSecurityData group to specify the values and use the sslcsrgen command to
generate the CSR. For more information, see the Chassis Management Controller for Dell PowerEdge M1000e RACADM Command Line
Reference Guide available at dell.com/support/manuals.
Conguring
CMC 95