Dell Management Plug-in for VMware vCenter: Discovery of Dell Bare-Metal Servers
Handshake client certificate
The iDRAC handshake client certificate is signed with a Dell certificate authority root certificate for
which the public key is made available by Dell to console software partners that incorporate an Auto-
Discovery Provisioning Server. The client certificate is generated during the factory build of the server and is unique to
every system. The default hostname (Common Name) embedded in the handshake client certificate is
the service tag of the server. The console software can optionally check that the certificate hostname
(Common Name) provided matches the service tag provided in the initial handshake request payload.
You can also install a customized client certificate using WS-MAN. Calling the DownloadClientCerts()
method on the DCIM_LCService class generates a custom-signed Auto-Discovery client encryption
certificate. The method takes as input a Certificate Authority generated key certificate
and related hash and password parameters. It uses the provided key certificate to sign a certificate
containing the system service tag as the Common Name (CN). The method returns a job ID that is
used to check the success of the download, generation, and installation of the Auto-Discovery client
private certificate. For examples of command-line invocations using WinRM and WSMANCLI, see the
Lifecycle Controller Web Services Interface Guide.
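The optional Common Name check described above applies to both the factory-built and the customized
client certificate, since each carries the service tag as its CN. The following Python code is an added
example of that check on the provisioning server side, not code from Dell or from any console software.
Assumptions: the function names, the file-path parameters, the service tag pattern, the case-insensitive
comparison, and that the service tag has already been extracted from the handshake request payload.

```python
import hmac
import re
import ssl

# Assumption: service tags are short alphanumeric strings; adjust to your fleet.
SERVICE_TAG_RE = re.compile(r"[A-Z0-9]{5,7}")


def make_server_context(ca_root_pem, server_cert_pem, server_key_pem):
    """TLS context that demands a client certificate chaining to the given CA root."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED          # reject peers without a valid cert
    ctx.load_verify_locations(cafile=ca_root_pem)
    ctx.load_cert_chain(server_cert_pem, server_key_pem)
    return ctx


def common_names(peercert):
    """Collect every commonName from a dict returned by SSLSocket.getpeercert()."""
    return [value
            for rdn in peercert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def cn_matches_service_tag(peercert, payload_service_tag):
    """True only if the cert has exactly one CN and it equals the payload's tag."""
    tag = payload_service_tag.strip().upper()
    if not SERVICE_TAG_RE.fullmatch(tag):
        return False                              # malformed or empty tag in payload
    names = common_names(peercert)
    if len(names) != 1:
        return False                              # missing or ambiguous CN
    cn = names[0].upper()
    return hmac.compare_digest(cn.encode(), tag.encode())


# Constructed sample in getpeercert() format; "ABC1234" is a made-up tag.
SAMPLE_CERT = {"subject": ((("organizationName", "Example Org"),),
                           (("commonName", "ABC1234"),))}

if __name__ == "__main__":
    print(cn_matches_service_tag(SAMPLE_CERT, "abc1234"))   # matching tag
    print(cn_matches_service_tag(SAMPLE_CERT, "XYZ9876"))   # mismatched tag
```

The CN comparison is only meaningful on a connection where the certificate chain has already been
validated, which is why the context sets CERT_REQUIRED; getpeercert() returns an empty dict otherwise.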
Private server certificate
A private certificate signed by the Dell certificate authority for the console software provisioning
server is provided by Dell to console software partners. During the initial handshake connection, the
iDRAC handshake client verifies that the certificate provided by the provisioning server during the
initial SSL exchange is properly signed by the Dell certificate authority.
You can install a customized server certificate using WS-MAN. Calling the DownloadServerPublicKey()
method on the DCIM_LCService class transfers a provisioning server public key certificate. The
provisioning server public key is used as part of strict mutual authentication between the Auto-
Discovery client and the provisioning server. The method takes as input a provisioning server public key
certificate and related hash and hash type parameters. The method returns a job ID that is used to check
the success of the processing and installation of the provisioning server public key. For examples of
command-line invocations using WinRM and WSMANCLI, see the Lifecycle Controller Web Services
Interface Guide. The DCIM Profile specification and related MOF files are available on the Dell TechCenter
wiki in the DCIM Extension Library area (www.DellTechCenter.com).