Users Guide

Enabling SSL on domain controller
When iDRAC authenticates users with an Active Directory domain controller, it starts an SSL session with the domain controller. At this time, the domain controller must publish a certificate signed by the Certificate Authority (CA)—the root certificate of which is also uploaded into iDRAC. For iDRAC to authenticate to any domain controller—whether it is the root or the child domain controller—that domain controller must have an SSL-enabled certificate signed by the domain’s CA.
If you are using Microsoft Enterprise Root CA to automatically assign an SSL certificate to all your domain controllers, you must:
1. Install the SSL certificate on each domain controller.
2. Export the Domain Controller Root CA Certificate to iDRAC.
3. Import iDRAC Firmware SSL Certificate.
Installing SSL certicate for each domain controller
To install the SSL certicate for each controller:
1. Click StartAdministrative ToolsDomain Security Policy.
2. Expand the Public Key Policies folder, right-click Automatic Certicate Request Settings and click Automatic Certicate
Request.
The Automatic Certicate Request Setup Wizard is displayed.
3. Click Next and select Domain Controller.
4. Click Next and click Finish. The SSL certicate is installed.
Exporting domain controller root CA certificate to iDRAC
NOTE: If your system is running Windows 2000 or if you are using a standalone CA, the following steps may vary.
To export the domain controller root CA certificate to iDRAC:
1. Locate the domain controller that is running the Microsoft Enterprise CA service.
2. Click Start → Run.
3. Enter mmc and click OK.
4. In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
5. In the Add/Remove Snap-In window, click Add.
6. In the Standalone Snap-In window, select Certificates and click Add.
7. Select Computer and click Next.
8. Select Local Computer, click Finish, and click OK.
9. In the Console 1 window, go to Certificates → Personal → Certificates folder.
10. Locate and right-click the root CA certificate, select All Tasks, and click Export....
11. In the Certificate Export Wizard, click Next, and select No, do not export the private key.
12. Click Next and select Base-64 encoded X.509 (.cer) as the format.
13. Click Next and save the certificate to a directory on your system.
14. Upload the certificate you saved in step 13 to iDRAC.
Importing iDRAC rmware SSL certicate
iDRAC SSL certicate is the identical certicate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-
signed certicate.