How to create a SHA2 SSL certificate signing request and install the certificate on Dell iDRAC?
To use SHA2-based SSL objects with the iDRAC on Dell PowerEdge servers such as the R620 and R720, you must generate a certificate signing request and a private key on a separate host. The resulting key and certificate must then be uploaded to the iDRAC.
1. How to create a SHA2 SSL certificate signing request
The following are required:
- A Windows-based host with Dell’s RACADM software installed (for uploading the private key and certificate to the iDRAC)
- Please check Dell’s web site to download the latest version of the RACADM utility.
- The iDRAC must be running at least firmware version 2.21.21.21. Please contact Dell to obtain this version of the iDRAC firmware. The firmware can be upgraded remotely with the following RACADM command (the address and password placeholders stand for your own values):
C:\Program Files\Dell\SysMgt\rac5>racadm.exe -r <idrac-ip> -u root -p <password> fwupdate -d <c:\path\to\firmimg.d7>
- A host with the OpenSSL suite installed, for the instructions below.
- Generate 2048-bit, sha256 private key & csr
openssl req -newkey rsa:2048 -sha256 -keyout fqdn.key -out fqdn.csr
- Remove passphrase from private key (private keys with pass phrases are not supported by iDRAC)
openssl rsa -in fqdn.key -out fqdn.key
- Optionally, view/check key and signing request
openssl rsa -in fqdn.key -check
openssl req -in fqdn.csr -text -noout
- Use the certificate signing authority to generate and provide a certificate
iDRAC7 accepts only X509, Base 64 encoded Web server certificates.
- Optionally, view/check certificate to make sure it’s sha256/2048bit
openssl x509 -in fqdn.pem -text -noout
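The optional checks above can be combined into one pre-upload test, shown here as an added example that is not part of the original article. It confirms that the key carries no passphrase and is at least 2048-bit RSA, that the certificate is PEM encoded and SHA-256 signed, and that the certificate belongs to the key; the function name check_idrac_pair is an assumption.

```shell
#!/bin/sh
# Added example: pre-upload checks for an iDRAC key/certificate pair.
# check_idrac_pair <key-file> <cert-file>   (hypothetical helper name)
# Prints one line per finding; returns 0 only when every check passes.
check_idrac_pair() {
    key=$1 cert=$2 rc=0

    # Passphrase-protected keys are not accepted by iDRAC. Both PEM encryption
    # styles carry the word ENCRYPTED in their header, so test for it before
    # openssl gets a chance to prompt for a passphrase.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "FAIL: private key is passphrase-protected"
        return 1
    fi

    # Key length: the -text output contains "Private-Key: (2048 bit, ...)".
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
           sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: RSA key is ${bits:-unreadable} bits, expected at least 2048"; rc=1
    fi

    # Certificate must be PEM (Base 64) and signed with SHA-256.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "FAIL: certificate is not PEM/Base 64 encoded"; rc=1
    fi
    sigalg=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
             awk '/Signature Algorithm:/ { print $3; exit }')
    case $sigalg in
        sha256*) ;;
        *) echo "FAIL: signature algorithm '${sigalg:-unreadable}' is not sha256"; rc=1 ;;
    esac

    # The certificate must belong to this key: compare the RSA moduli.
    kmod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)
    cmod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null)
    if [ -z "$kmod" ] || [ "$kmod" != "$cmod" ]; then
        echo "FAIL: certificate does not match the private key"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: ${bits}-bit key, $sigalg, key and certificate match"
    return "$rc"
}
```

Run it on the OpenSSL host as `check_idrac_pair fqdn.key fqdn.pem` before copying the files to the RACADM host. Because fqdn.key is stored without a passphrase, keep it readable only by its owner and remove the copies once the upload has succeeded.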
2. How to install the certificate on Dell iDRAC
Then, on the Windows host with RACADM:
- Upload the private key to the iDRAC
racadm.exe -r my-idrac-ip -u root -p calvin sslkeyupload -t 1 -f fqdn.key
- Upload the new certificate
racadm.exe -r my-idrac-ip -u root -p calvin sslcertupload -t 1 -f certificate.pem
- Reboot the iDRAC
racadm.exe -r my-idrac-ip -u root -p calvin racreset
Wait 5 minutes for the reset to complete.
We hope this guide helped you with this easy process. If you are unable to use these instructions, Acmetek recommends that you contact either the vendor of your software or the hosting organization that supports it.