White Papers

Encryption
The SSL security protocol, which is built upon public key/private key encryption technology, has
been universally accepted on the World Wide Web for authenticated and encrypted
communication between clients and servers to prevent eavesdropping across the network.
Running above TCP/IP and below higher-level protocols (such as HTTP), SSL allows an SSL-
enabled server to authenticate itself to an SSL-enabled client and the client to authenticate
itself to the server. SSL allows the client and server to establish an encrypted connection.
SSL Certificate Management
DRAC 4 ships with a default self-signed SSL certificate that uses a 1024-bit RSA key with MD5.
Note: Dell strongly recommends replacing the default certificate with your own SSL
certificate to secure the DRAC 4 since all DRAC 4 cards ship with the same SSL
certificate and with the same SSL private key.
The DRAC 4 server SSL certificate is used by the web server and remote RACADM CLI.
Administrators can replace the DRAC 4 server SSL certificate using the following steps:
1) Generate the CSR and Private Key from a DRAC 4. A 1024-bit RSA key is supported.
Note: Dell strongly recommends having CSR CN (common name) set to be the same as
your DRAC 4 RAC name to avoid a host name mismatch complaint during SSL
connection from browsers.
2) Have the CSR signed by a trusted CA.
3) Upload the signed CSR to the DRAC 4.
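
Because every DRAC 4 ships with the same certificate and private key, a certificate that appears on more than one controller in an inventory marks units that have not been re-keyed. The following Python script is an added example, not part of the Dell white paper: it groups collected PEM certificates by the SHA-256 fingerprint of their DER bytes. The host names and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import ssl
from collections import defaultdict


def fingerprint(pem):
    """SHA-256 over the DER bytes, so PEM line-wrapping differences do not matter."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def shared_certificates(inventory):
    """Map fingerprint -> sorted hosts, keeping only certificates seen on 2+ hosts."""
    groups = defaultdict(list)
    for host, pem in inventory.items():
        groups[fingerprint(pem)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


def _pem(der, width):
    """Wrap bytes as PEM with a chosen line width (helper for the sample data only)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"


# Constructed sample: placeholder bytes stand in for certificates; not real DRAC data.
FACTORY = b"constructed placeholder for the shared factory certificate" * 4
REPLACED = b"constructed placeholder for a CA-signed replacement" * 4
INVENTORY = {
    "rac-01.example.test": _pem(FACTORY, 64),
    "rac-02.example.test": _pem(FACTORY, 76),  # same certificate, different wrapping
    "rac-03.example.test": _pem(REPLACED, 64),
}

if __name__ == "__main__":
    for fp, hosts in shared_certificates(INVENTORY).items():
        print(fp[:16], hosts)
```

Any group this returns identifies controllers that share a certificate and therefore a private key; each of them should go through the replacement steps above.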
Supported SSL Cipher Suites
DRAC 4 supports SSLv3 and TLS1.0.
The following ciphers are supported on DRAC 4:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
Secure Shell Encryption
DRAC 4 supports only SSH-2.0 because SSH-1.0 is not considered secure.
The following are ciphers supported by the DRAC 4 SSH:
Public key: DSA
Hash: SHA-1, MD5
Symmetric: 3DES, RC4, AES-128, AES-192, AES-256