Users Guide
2. Click Start® Run.
3. Type mmc and click OK.
4. In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
5. In the Add/Remove Snap-in window, click Add.
6. In the Standalone Snap-in window, select Certificates and click Add.
7. Select Computer account and click Next.
8. Select Local Computer and click Finish.
9. Click OK.
10. In the Console 1 window, expand the Certificates folder, expand the Personal folder, and click the Certificates folder.
11. Locate and right-click the root CA certificate, select All Tasks, and click Export.
12. In the Certificate Export Wizard, click Next and select No do not export the private key.
13. Click Next and select Base-64 encoded X.509 (.cer) as the format.
14. Click Next and save the certificate to a location of your choice. You will need to upload this certificate to the DRAC 4. To do this, go to the DRAC 4 Web-
based interface® Configuration tab® Active Directory page. Or, you can use the racadm CLI commands (see "Configuring the DRAC 4 Active Directory
Settings Using the racadm CLI").
15. Click Finish and click OK.
Importing the DRAC 4 Firmware SSL Certificate to All Domain Controllers' Trusted Certificate Lists
1. The DRAC 4 SSL certificate is the same certificate that is used for the DRAC 4 Web server. All DRAC 4 controllers are shipped with a default self-signed
certificate. You can get this certificate from the DRAC 4 by selecting Download DRAC 4 Server Certificate (see the DRAC 4 Web-based interface
Configuration tab and the Active Directory subtab).
2. On the domain controller, open an MMC Console window and select Certificates ® Trusted Root Certification Authorities.
3. Right-click Certificates, select All Tasks and click Import.
4. Click Next and browse to the SSL certificate file.
5. Install the RAC SSL Certificate in each domain controller's TrustedRootCertificationAuthority.
If you have installed your own certificate, ensure that the CA signing your certificate is in the TrustedRootCertificationAuthoritylist. If the CA is not in
the list, you must install it on all your Domain Controllers.
6. Click Next and select whether you would like Windows to automatically select the certificate store based on the type of certificate, or browse to a store
of your choice.
7. Click Finish and click OK.
Configuring Your Systems or Devices
For instructions on how to configure your Server Administrator or IT Assistant systems using CLI commands, see "Configuring Active Directory Using CLI on
Systems Running Server Administrator" and "Configuring Active Directory on Systems Running IT Assistant." For DRAC users, there are two ways to configure
DRAC 4. See either "Configuring the DRAC 4 Using the Web-Based Interface" or "Configuring the DRAC 4 Active Directory Settings Using the racadm CLI."
Configuring Active Directory Using CLI on Systems Running Server Administrator
You can use the omconfig preferences dirservice command to configure the Active Directory service. The productoem.ini file is modified to reflect these
NOTE: If the DRAC 4 firmware SSL certificate is signed by a well-known CA, you do not need to perform the steps described in this section.
NOTE: The following steps may vary slightly if you are using Windows 2000.
NOTE: The systems on which Server Administrator and/or IT Assistant are installed must be a part of the Active Directory domain and should also have
computer accounts on the domain.