Ignore CSR for installing wildcard certificate in IDRAC6

Servers

Servers
Information and ideas on Dell PowerEdge rack, tower and blade server solutions.

Ignore CSR for installing wildcard certificate in IDRAC6

This question is answered

Hi,

 I want to install wildcard certificate to IDRAC6. We are managing over 200 DELL servers.

 So Get CSR and publish each own certificate doesn't make sense.

 Does anyone know how to ignore CSR and install wild card certificate to IDRAC6?

 Command line or GUI, both make me happy.

 Maybe in case of OMSA will be appreciated.

Thank you.

Verified Answer
All Replies
  • Good morning,

    After researching the issue, the iDRAC6 does not support wild card certificates.

    Regards,

    Geoff P
    Dell | Social Outreach Services - Enterprise


    Download the Dell Quick Resource Locator app today to access PowerEdge support content on your mobile device!
    (iOS, Android, Windows)

  • Thank you!

  • Better solution.  I was able to upload a wildcard certificate to 8 of our PE R710, R715 and R815 machines.  They are all iDRAC6.


    The key is to increase the key length BEFORE you upload the wild card certificate.

    Copy SSL Key and CRT (plus intermediate.crt files if necessary) files to Linux host that has access to RACADM utility

    concat your.crt and intermediate.crt

    cat your.crt intermediate.crt > combo.crt

    VI the combi.crt and make sure there is a hard return between the two certificiates.

    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----

    Expand the Key Size to allow for modern SSL Certificates

    racadm -r 192.168.rac.addr -u root -p yourPass config -g cfgRacSecurity -o cfgRacSecCsrKeySize 2048

    Upload the your Private Key

    racadm -r 192.168.rac.addr -u root -p yourPass sslkeyupload -t 1 -f your.key

    Upload the Combo Certificate

    racadm -r 192.168.rac.addr -u root -p yourPass sslcertupload -t 1 -f combo.crt

    this will cause a iDRAC reboot.  it will take about 5 minutes to complete

    Once done.. *.example.net certificate will work

    Jim

  • This one worked, thanks!!!