Users Guide
134 Using the DRAC 5 With Microsoft Active Directory
The DRAC 5 SSL certificate is the identical certificate used for the DRAC 5
Web server. All DRAC 5 controllers are shipped with a default self-signed
certificate.
To access the certificate using the DRAC 5 Web-based interface, select
Configuration→ Active Directory→ Download DRAC 5 Server Certificate.
1
On the domain controller, open an
MMC Console
window and select
Certificates
→
Trusted Root Certification Authorities
.
2
Right-click
Certificates
, select
All Tasks
and click
Import
.
3
Click
Next
and browse to the SSL certificate file.
4
Install the RAC SSL Certificate in each domain controller’s
Trusted Root
Certification Authority
.
If you have installed your own certificate, ensure that the CA signing your
certificate is in the
Trusted Root Certification Authority
list. If the
Authority is not in the list, you must install it on all your Domain Controllers.
5
Click
Next
and select whether you would like Windows to automatically
select the certificate store based on the type of certificate, or browse to a
store of your choice.
6
Click
Finish
and click
OK
.
Setting the SSL Time on the DRAC 5
When the DRAC 5 authenticates an Active Directory user, the DRAC 5 also
verifies the certificate published by the Active Directory server to ensure that
the DRAC is communicating with an authorized Active Directory server.
This check also ensures that the validity of the certificate is within the time
range specified by the DRAC 5. However, there could be a mismatch between
the time zones specified on the certificate and the DRAC 5. This could
happen when the DRAC 5 time reflects the local system time and the
certificate reflects time in GMT.
To ensure that the DRAC 5 uses the GMT time to compare with the
certificate times, you must set the time zone offset object.
racadm config -g cfgRacTuning -o
cfgRacTuneTimeZoneOffset <
offset value
>
See "cfgRacTuneTimezoneOffset (Read/Write)" for more details.