Setup Guide

Server Configuration Profiles: User’s Guide

57 Server Configuration Profiles: Reference Guide | 456

17 Secure Enterprise Key Management Operations

Available in iDRAC9 version 4.00.00.00 and above.

Full details on the Secure Enterprise Key Management solution can be found in the Enable OpenManage

Secure Enterprise Key Manager (SEKM) on Dell EMC PowerEdge Servers documentation. The focus of this

document will be on enabling and configuring SEKM via SCP Import.

17.1 Prerequisites

The example workflow below uses Gemalto KeySecure for the Key Management Server. Configuration of

SEKM via SCP will require a CSR generated and signed from Gemalto, and a Server CA also from Gemalto.

The contents of both can be imported using the CertType/CertData attributes (Certificates).

17.2 Example XML

<ComponentFQDD="iDRAC.Embedded.1">

<AttributeName="SEKM.1#IPAddressInCertificate">Disabled</Attribute>

<AttributeName="SEKM.1#SEKMStatus">Enabled</Attribute>

<AttributeName="SEKM.1#KeyAlgorithm">AES‐256</Attribute>

<AttributeName="SEKM.1#Rekey">False</Attribute>

<AttributeName="KMS.1#PrimaryServerAddress">100.64.25.206</Attribute>

<AttributeName="KMS.1#KMIPPortNumber">5696</Attribute>

<AttributeName="KMS.1#Timeout">10</Attribute>

<AttributeName="KMS.1#iDRACUserName">idracuserG1FWHQ2</Attribute>

<AttributeName="KMS.1#iDRACPassword">P@ssw0rd</Attribute>

<AttributeName="KMS.1#RedundantKMIPPortNumber">5696</Attribute>

<AttributeName="SEKMCert.1#CommonName">idracuserG1FWHQ2</Attribute>

<AttributeName="SEKMCert.1#OrganizationName">DellEMC</Attribute>

<AttributeName="SEKMCert.1#OrganizationUnit">Test</Attribute>

<AttributeName="SEKMCert.1#LocalityName">RoundRock</Attribute>

<AttributeName="SEKMCert.1#StateName">Texas</Attribute>

<AttributeName="SEKMCert.1#CountryCode">US</Attribute>

<AttributeName="SEKMCert.1#EmailAddress">tester@dell.com</Attribute>

<AttributeName="SEKMCert.1#SubjectAltName"/>



<AttributeName="SEKMCert.1#UserId"/>

<AttributeName="SecurityCertificate.1#CertData">‐‐‐‐‐BEGINCERTIFICATE‐‐‐‐‐

MIIEvzCCA6egAwIBAgIBADANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx

DjAMBgNVBAgTBVRleGFzMRMwEQYDVQQHEwpSb3VuZCBSb2NrMREwDwYDVQQKEwhE

ZWxsIEVNQzEhMB8GA1UECxMYUHJvZHVjdCBHcm91cCBWYWxpZGF0aW9uMRAwDgYD

VQQDEwdEZWxsIENBMSQwIgYJKoZIhvcNAQkBFhV0ZXhhc19yb2VtZXJAZGVsbC5j

b20wHhcNMTkwMjE0MjA1NjQ4WhcNMjkwMjEyMjA1NjQ4WjCBoDELMAkGA1UEBhMC

VVMxDjAMBgNVBAgTBVRleGFzMRMwEQYDVQQHEwpSb3VuZCBSb2NrMREwDwYDVQQK

EwhEZWxsIEVNQzEhMB8GA1UECxMYUHJvZHVjdCBHcm91cCBWYWxpZGF0aW9uMRAw

DgYDVQQDEwdEZWxsIENBMSQwIgYJKoZIhvcNAQkBFhV0ZXhhc19yb2VtZXJAZGVs

bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChyihz1suLIIzl

K+XxI9nh59J+yCNXsMpKzneX0CSr1Aiay1Yyd1Uy2lcifJbmuocP2wLQUEWTnR19

K0zbRKTMNty0fr9NhnwiRFVfUzUPiEGPwTyqR7w2WmHqu5jCnOodC9n+6w8lGnV9

3LzKLaJYdJ9TPGn63ffVrDeprhQ376EK6QjR1xlrTG7kUH2Hu9D1thwxQCykS2eQ