Users Guide

ManualsBrandsDell ManualsActive System ManageriDRAC7/8 with Lifecycle Controller Version 2.50.50.50

131

132

133

134

135

136

137

138

139

140

Exporting domain controller root CA certicate to iDRAC

NOTE: If your system is running Windows 2000 or if you are using standalone CA, the following steps may vary.

To export the domain controller root CA certicate to iDRAC:

1 Locate the domain controller that is running the Microsoft Enterprise CA service.

2 Click Start > Run.

3 Enter mmc and click OK.

4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.

5 In the Add/Remove Snap-In window, click Add.

6 In the Standalone Snap-In window, select Certicates and click Add.

7 Select Computer and click Next.

8 Select Local Computer, click Finish, and click OK.

9 In the Console 1 window, go to Certicates Personal Certicates folder.

10 Locate and right-click the root CA certicate, select All Tasks, and click Export....

11 In the Certicate Export Wizard, click Next, and select No do not export the private key.

12 Click Next and select Base-64 encoded X.509 (.cer) as the format.

13 Click Next and save the certicate to a directory on your system.

14 Upload the certicate you saved in step 13 to iDRAC.

Importing iDRAC rmware SSL certicate

iDRAC SSL certicate is the identical certicate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-signed

certicate.

If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server

certicate to the Active Directory Domain controller. This additional step is not required if the Active Directory does not perform a client

authentication during an SSL session’s initialization phase.

NOTE

: If your system is running Windows 2000, the following steps may vary.

NOTE: If iDRAC rmware SSL certicate is CA-signed and the certicate of that CA is already in the domain controller's Trusted

Root Certicate Authority list, do not perform the steps in this section.

To import iDRAC rmware SSL certicate to all domain controller trusted certicate lists:

1 Download iDRAC SSL certicate using the following RACADM command:

racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>

2 On the domain controller, open an MMC Console window and select Certicates > Trusted Root Certication Authorities.

3 Right-click Certicates, select All Tasks and click Import.

4 Click Next and browse to the SSL certicate le.

5 Install iDRAC SSL Certicate in each domain controller’s Trusted Root Certication Authority.

If you have installed your own certicate, make sure that the CA signing your certicate is in the Trusted Root Certication Authority

list. If the Authority is not in the list, you must install it on all your domain controllers.

6 Click Next and select whether you want Windows to automatically select the certicate store based on the type of certicate, or

browse to a store of your choice.

7 Click Finish and click OK. The iDRAC rmware SSL certicate is imported to all domain controller trusted certicate lists.

Conguring

user accounts and privileges 139