Manualshelf

Users Guide

ManualsBrandsDell ManualsSoftwareLifecycle Controller 2 Version 1.0.8
21222324252627282930
5
Managing Certificates
Use the certificate management feature to transfer custom-defined certificates to iDRAC7 and create a unique
certificate based on the service tag of a system to enhance the security. While placing the order, you can request Dell to
factory preset the system with the certificate of your choice using the Custom Factory Install (CFI) process available
from Dell.
Creating Custom Trusted Root Client Certificates for the
Provisioning Server
The DownloadClientCerts() method on DCIM_LCService class can be called to generate a custom signed Auto-
discovery client certificate. The method uses a Certificate Authority generated key certificate and related hash and
password parameters as input. The key certificate provided is used to sign a certificate containing the system service
tag as the Common Name (CN). The method returns a job ID that can be used to check the success of the download,
generation, and installation of the Auto-discovery client certificate. For examples of command line invocations using
WinRM and WSMANCLI, see the
Lifecycle Controller Web Services Interface Guide–Windows and Linux version
.
Providing Custom Server Certificates
The DownloadServerPublicKey() method on the DCIM_LCService class can be called to transfer the CA certificate
that is used to sign all the provisioning servers in the deployment network.
NOTE: The trusted CA certificate is used to authenticate all the provisioning servers.
Make sure that the Provisioning Server Certificate is self-signed before using it on iDRAC.
The method uses the CA certificate and related hash and hash type parameters as input. The method returns a job ID
that can be used to check the success of the processing and installation of the Provisioning Server public key. For
examples of command line invocations using WS-Management utilities, see the
Lifecycle Controller Web Services
Interface Guide–Windows and Linux version
. DCIM Profile specification and related MOF files are available at
delltechcenter.com/page/DCIM.Library.
Deleting Custom Certificates
You can delete any of the custom certificates that are uploaded on the managed system or created on it. Using this
feature, you can wipe all the custom signed certificates from the server, whenever required.
NOTE: This feature does not delete the factory certificates.
Custom Server Public Key Deletion
Use the DeleteAutoDiscoveryServerPublicKey() method on the DCIM_LCService class to delete the CA certificate
that is used to validate or authenticate server certificates.
25