How to encrypt WS-MAN traffic - Dell Systems Management General Forum - Systems Management - Dell Community
Systems Management Forums

How to encrypt WS-MAN traffic

Systems Management

Systems Management
Dell Systems Management Solutions: Dell OpenManage, iDRAC, Repository Manager, Microsoft SCCM, Chassis Managment Controller, and more

How to encrypt WS-MAN traffic

  • Not for sure if this has already been discussed, my apologies if so.

    I work in a DOD environment where my OME server needs to be STIG'd. Part of the STIG's will not allowing unencrypted WinRM traffic. I have been trying to research a way to configure iDRAC to encrypt the ws-man traffic during inventory and discovery, as well as out-of-band updating. Just not for sure how to properly set this up. Any help is appreciated!

  • All communication between iDRAC and Winrm is always encrypted. If required, you can configure various SSL configuration and TLSprotocol setting on iDRAC

    Thanks-

    Shine

  • When I have the STIG's applied, OME will only recognize iDRAC as 'unknown.' If I back out these settings, iDRAC is discovered properly. I need to figure out a way for the iDRAC to speak to OME with these STIG settings applied. I may be going down the wrong path but I have signed certs loaded, TLS configured for 1.1 and above, with the firmware of 2.41.40.40

    Is there something I am overlooking?

  • Can you flash iDRAC to 2.50.50.50 (Link) and check the behavior. This FW have option to configure SSL Encryption and TLS protocol setting on iDRAC. You can set these higher level and check whether it fix the issue

    Thanks-

    Shine