Users Guide

ManualsBrandsDell ManualsActive System ManageriDRAC7 with Lifecycle Controller Version 2.40.40.40

certicate. If a wildcard CSR is generated outside of iDRAC, you can have a signed single wildcard SSL certicate that you can

upload for multiple iDRACs and all the iDRACs are trusted by the supported browsers. While connecting to iDRAC Web interface

using a supported browser that supports a wildcard certicate, the iDRAC is trusted by the browser. While launching viewers, the

iDRACs are trusted by the viewer clients.

Related links

Generating a new certicate signing request

Uploading server certicate

Viewing server certicate

Uploading custom signing certicate

Downloading custom SSL certicate signing certicate

Deleting custom SSL certicate signing certicate

Generating a new certicate signing request

A CSR is a digital request to a Certicate Authority (CA) for a SSL server certicate. SSL server certicates allow clients of the

server to trust the identity of the server and to negotiate an encrypted session with the server.

After the CA receives a CSR, they review and verify the information the CSR contains. If the applicant meets the CA’s security

standards, the CA issues a digitally-signed SSL server certicate that uniquely identies the applicant’s server when it establishes

SSL connections with browsers running on management stations.

After the CA approves the CSR and issues the SSL server certicate, it can be uploaded to iDRAC. The information used to generate

the CSR, stored on the iDRAC rmware, must match the information contained in the SSL server certicate, that is, the certicate

must have been generated using the CSR created by iDRAC.

Related links

SSL server certicates

Generating CSR using web interface

To generate a new CSR:

NOTE: Each new CSR overwrites any previous CSR data stored in the rmware. The information in the CSR must match

the information in the SSL server certicate. Else, iDRAC does not accept the certicate.

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → SSL, select Generate Certicate Signing

Request (CSR) and click Next.

The Generate a New Certicate Signing Request page is displayed.

2. Enter a value for each CSR attribute.

For more information, see iDRAC Online Help.

3. Click Generate.

A new CSR is generated. Save it to the management station.

Generating CSR using RACADM

To generate a CSR using RACADM, use the set command with the objects in the iDRAC.Security group, and then use the sslcsrgen

command to generate the CSR.

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Uploading server certicate

After generating a CSR, you can upload the signed SSL server certicate to the iDRAC rmware. iDRAC must be reset to apply the

certicate. iDRAC accepts only X509, Base 64 encoded Web server certicates. SHA-2 certicates are also supported.

CAUTION: During reset, iDRAC is not available for a few minutes.

94