The following are required:
- A Windows-based host with Dell's RACADM software installed (for uploading the private key and certificate to the iDRAC). See Dell's website to download the latest version of the RACADM utility. As of the writing of this KB article in January 2015, the current versions of the RACADM utility for Windows are available at these links (not owned or controlled by Blue Coat):
32-bit: http://downloads.dell.com/FOLDER03252978M/1/OM-DRAC-Dell-Web-WIN-8.2.0-1739_A00.exe
64-bit: http://downloads.dell.com/FOLDER03252983M/1/OM-DRAC-Dell-Web-WINX64-8.2.0-1739_A00.exe
- The iDRAC must be running at least firmware version 2.21.21.21. Please contact technical support or Dell to obtain this version of the iDRAC firmware. The firmware can be upgraded remotely with the following RACADM command:
C:\Program Files\Dell\SysMgt\rac5>racadm.exe -r <idrac-ip-address-or-name> -u root -p <idrac-root-password> fwupdate -d <c:\path\to\firmimg.d7>
You can also run 'racadm' locally on the Security Analytics appliance. The utility is included with the base SA software.
- A host with the OpenSSL suite installed, for the instructions below.
1. Generate a 2048-bit private key and a SHA-256 CSR:
openssl req -newkey rsa:2048 -sha256 -keyout fqdn.key -out fqdn.csr
2. Remove the passphrase from the private key (private keys with passphrases are not supported by the iDRAC):
openssl rsa -in fqdn.key -out fqdn.key
3. Optionally, view and check the key and the signing request:
openssl rsa -in fqdn.key -check
openssl req -in fqdn.csr -text -noout
4. Use the certificate signing authority to generate and provide a certificate.
iDRAC7 accepts only X.509, Base64-encoded web server certificates.
5. Optionally, view and check the certificate to make sure it is SHA-256 and 2048-bit:
openssl x509 -in fqdn.pem -text -noout
Then, using RACADM (Windows or SA):
6. Upload the private key to the iDRAC:
racadm -r my-idrac-ip -u root -p calvin sslkeyupload -t 1 -f fqdn.key
7. Upload the new certificate:
racadm -r my-idrac-ip -u root -p calvin sslcertupload -t 1 -f certificate.pem
8. Reboot the iDRAC:
racadm -r my-idrac-ip -u root -p calvin racreset
Wait 5 minutes for the reset to complete.
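A pre-upload check covering steps 2 through 5, written as an added example that is not part of the original KB article: it confirms that the key has no passphrase, that the certificate is PEM-encoded with a SHA-256 signature and a 2048-bit key, and that the certificate matches the private key. The function name `preflight` and its return codes are illustrative assumptions; the only dependency is the `openssl` command line tool.

```shell
#!/bin/sh
# Added example (not from the KB article): verify a key/certificate pair
# before sslkeyupload / sslcertupload. "preflight" and its return codes
# are illustrative names; the only dependency is the openssl CLI.

preflight() {
    key=$1; cert=$2

    # Step 2: passphrase-protected keys are not supported by the iDRAC.
    # Match the traditional and the PKCS#8 encrypted-key headers.
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$key"; then
        echo "FAIL: $key is still passphrase-protected" >&2; return 1
    fi

    # Step 4: the certificate must be Base64 (PEM) X.509, not binary DER.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "FAIL: $cert is not a PEM-encoded certificate" >&2; return 2
    fi

    # Step 5: SHA-256 signature and 2048-bit public key.
    text=$(openssl x509 -in "$cert" -noout -text) || return 2
    if ! printf '%s\n' "$text" | grep -qi 'Signature Algorithm: .*sha256'; then
        echo "FAIL: certificate signature is not SHA-256" >&2; return 3
    fi
    if ! printf '%s\n' "$text" | grep -q 'Public-Key: (2048 bit)'; then
        echo "FAIL: certificate public key is not 2048-bit" >&2; return 4
    fi

    # The certificate must carry the public half of this private key:
    # compare the RSA modulus reported for each file.
    kmod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) || return 5
    cmod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || return 5
    if [ "$kmod" != "$cmod" ]; then
        echo "FAIL: $cert was not issued for $key" >&2; return 5
    fi
    echo "OK: $key and $cert are ready to upload"
}

# Stand-alone use: sh preflight.sh fqdn.key fqdn.pem
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A non-zero return identifies the failed check: 1 for a passphrase, 2 for encoding, 3 for the signature hash, 4 for key size, 5 for a key/certificate mismatch.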
To delete a self-signed certificate using racadm (and get back to the default certificate), do the following:
- Delete the self-signed certificate
racadm sslcertdelete -t 3
- Reboot the iDRAC
racadm racreset