Users Guide
When accessing the iDRAC Web-based interface, a security warning is displayed stating that the SSL certicate host name
does not match the iDRAC host name.
iDRAC includes a default iDRAC server certicate to ensure network security while accessing through the Web-based interface and
remote RACADM. When this certicate is used, the Web browser displays a security warning because the default certicate that is
issued to iDRAC does not match the iDRAC host name (for example, the IP address).
To resolve this, upload an iDRAC server certicate issued to the IP address or the iDRAC host name. When generating the CSR
(used for issuing the certicate), make sure that the common name (CN) of the CSR matches the iDRAC IP address (if certicate
issued to IP) or the registered DNS iDRAC name (if certicate is issued to iDRAC registered name).
To make sure that the CSR matches the registered DNS iDRAC name:
1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network. The Network page is displayed.
2. In the Common Settings section:
• Select the Register iDRAC on DNS option.
• In the DNS iDRAC Name eld, enter the iDRAC name.
3. Click Apply.
Active Directory
Active Directory login failed. How to resolve this?
To diagnose the problem, on the Active Directory Conguration and Management page, click Test Settings. Review the test
results and x the problem. Change the conguration and run the test until the test user passes the authorization step.
In general, check the following:
• While logging in, make sure that you use the correct user domain name and not the NetBIOS name. If you have a local iDRAC
user account, log into iDRAC using the local credentials. After logging in, make sure that:
– The Active Directory Enabled option is selected on the Active Directory Conguration and Management page.
– The DNS setting is correct on the iDRAC Networking conguration page.
– The correct Active Directory root CA certicate is uploaded to iDRAC if certicate validation was enabled.
– The iDRAC name and iDRAC Domain name matches the Active Directory environment conguration if you are using extended
schema.
– The Group Name and Group Domain Name matches the Active Directory conguration if you are using standard schema.
– If the user and the iDRAC object is in dierent domain, then do not select the User Domain from Login option. Instead select
Specify a Domain option and enter the domain name where the iDRAC object resides.
• Check the domain controller SSL certicates to make sure that the iDRAC time is within the valid period of the certicate.
Active Directory login fails even if certicate validation is enabled. The test results display the following error message. Why
does this occur and how to resolve this?
ERROR: Can't contact LDAP server, error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check the correct
Certificate Authority (CA) certificate has been uploaded to iDRAC. Please also check if the
iDRAC date is within the valid period of the certificates and if the Domain Controller
Address configured in iDRAC matches the subject of the Directory Server Certificate.
If certicate validation is enabled, when iDRAC establishes the SSL connection with the directory server, iDRAC uses the uploaded
CA certicate to verify the directory server certicate. The most common reasons for failing certication validation are:
• iDRAC date is not within the validity period of the server certicate or CA certicate. Check the iDRAC time and the validity
period of your certicate.
290