Installing idrac Certificate Using RACADM Commands



Similar documents
Managing Web Server Certificates on idrac

Dell Wyse Datacenter for View RDS Desktops and Remote Applications

How To Create A Web Server On A Zen Nlb (Networking) With A Web Browser On A Linux Server On An Ipad Or Ipad On A Raspberry Web 2.4 (

Dell Solutions Configurator Guide for the Dell Blueprint for Big Data & Analytics

High Performance SQL Server with Storage Center 6.4 All Flash Array

Using Dell EqualLogic and Multipath I/O with Citrix XenServer 6.2

Accessing Remote Desktop using VNC on Dell PowerEdge Servers

Recommended Methods for Updating Firmware on Dell Servers

Dell Fabric Manager Installation Guide 1.0.0

idrac7 Version With Lifecycle Controller 2 Version 1.1 Quick Start Guide

Active Fabric Manager (AFM) Plug-in for VMware vcenter Virtual Distributed Switch (VDS) CLI Guide

Dell Server Management Pack Suite Version For Microsoft System Center Operations Manager And System Center Essentials User s Guide

Dell OpenManage Network Manager Version 5.3 Service Pack 2 Quick Start Guide

Integrating idrac7 With Microsoft Active Directory

DELL Remote Access Configuration Tool

Dell Compellent 6.5 SED Reference Architecture and Best Practices

Integrating idrac 7 with Microsoft Active Directory

RAID And Storage Configuration using RACADM Commands in idrac7

Remote Installation of VMware ESX Server Software Using Dell Remote Access Controller

Configuring idrac6 for Directory Services

Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager

Integrated Dell Remote Access Controller 7 (idrac7) Version User's Guide

Open Networking: Dell s Point of View on SDN A Dell White Paper

Manage Dell Hardware in a Virtual Environment Using OpenManage Integration for VMware vcenter

VMware vsphere 5 on Dell PowerEdge Systems Deployment Guide

VMware ESX 2.5 Server Software Backup and Restore Guide on Dell PowerEdge Servers and PowerVault Storage

Configuring Single Sign-On for Application Launch in OpenManage Essentials

Proactively Managing Servers with Dell KACE and Open Manage Essentials

Migrating an Oracle Database to Dell Compellent Storage Center

Active Fabric Manager (AFM) Installation Guide 2.0

Dell EqualLogic PS Series iscsi Storage Arrays With Microsoft Windows Server Failover Clusters Hardware Installation and Troubleshooting Guide

Enhancements to idrac7 Alert Notification

How to Setup and Configure ESXi 5.0 and ESXi 5.1 for OpenManage Essentials

DELL. Virtual Desktop Infrastructure Study END-TO-END COMPUTING. Dell Enterprise Solutions Engineering

Dell Performance Analysis Collection Kit. User's Guide

Dell PowerEdge Blades Outperform Cisco UCS in East-West Network Performance

SnapServer NAS GuardianOS 5.2 Compatibility Guide October 2009

HP Device Manager 4.7

Step-by-step Guide for Configuring Cisco ACS server as the Radius with an External Windows Database

Symantec Backup Exec Management Plug-in for VMware User's Guide

Symantec Backup Exec TM 11d for Windows Servers. Quick Installation Guide

NET UX Series with Microsoft Lync 2010 and CyberData VoIP Intercom

Citrix XenDesktop VDI with Dell Storage SC4020 All-Flash Arrays for 1,800 Persistent Desktop Users

Security Certificate Configuration for IM and Presence Service

How To Connect To A Network On A Pc Or Mac (For Mac) On A Microsoft Mac 2.5 (For Ipo) On An Ipo 2.2 (For Pc) On Zephone (For Pnet) On

Symantec Backup Exec 2010 R2. Quick Installation Guide

PHD Virtual Backup for Hyper-V

SSL Interception on Proxy SG

Agent-free Monitoring of Dell PowerEdge 12G Servers in Nagios Core and Nagios XI

Using Red Hat Network Satellite Server to Manage Dell PowerEdge Servers

Server Installation Guide

Dell FlexAddress for PowerEdge M-Series Blades

Dell Compellent Storage Center

SQL Express to SQL Server Database Migration MonitorIT v10.5

Getting Started with ESXi Embedded

Oracle Enterprise Manager

Discovery and Inventory of Dell Devices using OpenManage Essentials

Systems Management Tools And Documentation Version 8.1 Installation Guide

An Oracle White Paper September Oracle WebLogic Server 12c on Microsoft Windows Azure

CLIENT CERTIFICATE (EAP-TLS USE)

WHITE PAPER Citrix Secure Gateway Startup Guide

SnapServer NAS GuardianOS 6.5 Compatibility Guide May 2011

Building Microsoft Windows Server 2012 Clusters on the Dell PowerEdge VRTX

Simplifying Systems Management for Computer Associates (CA) NSM r11.1 and r11.2 for Dell Hardware A Dell Technical White Paper

Upgrade to Microsoft Windows Server 2012 R2 on Dell PowerEdge Servers Abstract

Dual-Core Processors on Dell-Supported Operating Systems

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19

Configuration (X87) SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English. Building Block Configuration Guide

SQL Express to SQL Server Database Migration Goliath Performance Monitor v11.5

Service Description. Remote Consulting Service. Introduction to your service agreement. The scope of your service agreement

CommandCenter Secure Gateway

GRAVITYZONE HERE. Deployment Guide VLE Environment

Secure IIS Web Server with SSL

Dell idrac7 with Lifecycle Controller

Lab 05: Deploying Microsoft Office Web Apps Server

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0

Interworks. Interworks Cloud Platform Installation Guide

Installing Management Applications on VNX for File

Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1

Exchange 2010 PKI Configuration Guide

Backup Exec 15. Quick Installation Guide

Reference Architecture for Dell VIS Self-Service Creator and VMware vsphere 4

Backup Exec 2014 Software Compatibility List (SCL)

Dell Vostro 3460/3560

An Oracle White Paper July Introducing the Oracle Home User in Oracle Database 12c for Microsoft Windows

Blue Coat Security First Steps Solution for Controlling HTTPS

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

NOTE: This is not a official Cisco document and you use it on your own risk.

Heroix Longitude Quick Start Guide V7.1

Dell EqualLogic Red Hat Enterprise Linux 6.2 Boot from SAN

Generating and Renewing an APNs Certificate. Technical Paper May 2012

or later or later or later or later

RealPresence Platform Director

Dell OpenManage Network Manager Version 6.0. Quickstart Guide

QuickStart Guide for Managing Mobile Devices. Version 9.2

Quick Start Guide. for Installing vnios Software on. VMware Platforms

Configuring Multiple ACE Management Servers VMware ACE 2.0

Generating SSH Keys and SSL Certificates for ROS and ROX Using Windows AN22

Using VMware Player. VMware Player. What Is VMware Player?

Dell PowerVault MD32xx Deployment Guide for VMware ESX4.1 Server

Transcription:

Installing idrac Certificate Using RACADM Commands This Dell Technical white paper provides detailed information about generation of idrac certificate by using RACADM CLI. Dell Engineering October 2013 Author Prashanth B S Pradeep Mulay A Dell Technical White Paper

Revisions Date October 2013 Description Initial release THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. 2013 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell. Dell, the DELL logo, and the DELL badge are trademarks of Dell Inc. Symantec, NetBackup, and Backup Exec are trademarks of Symantec Corporation in the U.S. and other countries. Microsoft, Windows, and Windows Server are registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others. Dell, the Dell logo, Dell Boomi, Dell Precision,OptiPlex, Latitude, PowerEdge, PowerVault, PowerConnect, OpenManage, EqualLogic, Compellent, KACE, FlexAddress, Force10 and Vostro are trademarks of Dell Inc. Other Dell trademarks may be used in this document. Cisco Nexus, Cisco MDS, Cisco NX- 0S, and other Cisco Catalyst are registered trademarks of Cisco System Inc. EMC VNX, and EMC Unisphere are registered trademarks of EMC Corporation. Intel, Pentium, Xeon, Core and Celeron are registered trademarks of Intel Corporation in the U.S. and other countries. AMD is a registered trademark and AMD Opteron, AMD Phenom and AMD Sempron are trademarks of Advanced Micro Devices, Inc. Microsoft, Windows, Windows Server, Internet Explorer, MS-DOS, Windows Vista and Active Directory are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and/or other countries. Novell and SUSE are registered trademarks of Novell Inc. in the United States and other countries. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Citrix, Xen, XenServer and XenMotion are either registered trademarks or trademarks of Citrix Systems, Inc. in the United States and/or other countries. VMware, Virtual SMP, vmotion, vcenter and vsphere are registered trademarks or trademarks of VMware, Inc. in the United States or other 2 Installing idrac Certificate Using RACADM Commands

countries. IBM is a registered trademark of International Business Machines Corporation. Broadcom and NetXtreme are registered trademarks of Broadcom Corporation. Qlogic is a registered trademark of QLogic Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and/or names or their products and are the property of their respective owners. Dell disclaims proprietary interest in the marks and names of others. 3 Installing idrac Certificate Using RACADM Commands

Contents Revisions... 2 Executive Summary... 5 Introduction... 5 1 Generating Certificate Signing Request (CSR)... 6 2 Submitting Certificate Request... 8 3 Uploading CA Certificate to idrac... 11 4 Installing idrac Certificate on Windows Systems... 12 5 Installing idrac Certificate on Linux Systems... 13 Conclusion...14 4 Installing idrac Certificate Using RACADM Commands

Executive Summary Introduction This document provides details about generation of idrac certificate that includes signing and adding the signed certificate to the trusted store on management stations using RACADM CLI. Running RACADM commands are the most-opted method for managing Dell servers using a command line interface (CLI). Dell is investing to continually improve and add more functionality to RACADM. When you try to connect to idrac using Remote RACADM, and if there is an invalid certificate warning before running a command, it is indicated that the idrac IP address being connected to might not be from a trusted source. Following are the tasks to address the certificate warning scenario. 5 Installing idrac Certificate Using RACADM Commands

1 Generating Certificate Signing Request (CSR) The first task in certificate installation is to create a Certificate Signing Request (CSR) and download it by getting it signed by a Certificate Authority. Following sequence of RACADM commands are used to configure the parameters for creating a CSR. The sample values shown here are for illustration purpose only. For more information about the objects or supported values, refer to the RACADM Command Line Reference Guide for idrac7 and CMC available at dell.com/support/manuals. 1. Make sure that the DNS RAC name is same as the common name specified in the security group of idrac by running any of the following commands. On idrac6 servers, config commands are supported and on idrac7 servers, set commands are recommended, though config commands are also supported. The set command racadm set idrac.nic.dnsracname idrac-ssl-certificate The config command racadm config g cfglannetworking o cfgdnsracname idrac-ssl-certificate 2. To configure a DNS domain name, under idrac registration, click Enable. On idrac6 servers, config commands are supported and on idrac7 servers, set commands are recommended, though config commands are also supported. The set command racadm set idrac.nic.dnsdomainname xyz.com racadm set idrac.nic.dnsregister Enabled The config command racadm config g cfglannetworking o cfgdnsdomainname xyz.com racadm config g cfglannetworking o cfgdnsregisterrac 1 3. To configure the idrac security group-related parameters for CSR generation, run one of the following commands: The set subcommand racadm set idrac.security.csrkeysize 1024/2048 racadm set idrac.security.csrcommonname idrac-ssl-certificate racadm set idrac.security.csrorganizationname XYZ racadm set idrac.security.csrorganizationunit Unit1 racadm set idrac.security.csrlocalityname LocName 6 Installing idrac Certificate Using RACADM Commands

racadm set idrac.security.csrstatename StateName racadm set idrac.security.csrcountrycode US racadm set idrac.security.csremailaddr abc@xyz.com The config subcommand racadm config g cfgracsecurity o cfgracseccsrkeysize 1024/2048 racadm config g cfgracsecurity o cfgracseccsrcommonname idrac-ssl- Certificate racadm config g cfgracsecurity o cfgracseccsrorganizationname XYZ racadm config g cfgracsecurity o cfgracseccsrorganizationunit Unit1 racadm config g cfgracsecurity o cfgracseccsrlocalityname LocName racadm config g cfgracsecurity o cfgracseccsrstatename StateName racadm config g cfgracsecurity o cfgracseccsrcountrycode US racadm config g cfgracsecurity o cfgracseccsremailaddr abc@xyz.com 4. When all the required parameters are configured successfully, CSR is generated using the sslcsrgen subcommand. This subcommand uses the parameters specified under the idrac.security group for generating a CSR. The command syntax is given here. racadm sslcsrgen g f idraccsr.txt Note: The file option is supported only through Remote RACADM interface or Local RACADM interface. 7 Installing idrac Certificate Using RACADM Commands

2 Submitting Certificate Request After the CSR file is successfully generated and downloaded to the client file system, open the CSR file in a Notepad or MS-Word application, and then copy the contents between the begin and end points as indicated in the screen shot here. From here Till here Figure 1 A Sample Certificate 1. In the Address bar of a browser, type https://<ip address>/certsrv Figure 2 Certificate Authority Home Page 8 Installing idrac Certificate Using RACADM Commands

2. On the Microsoft Directory Certificate Services page, click Request a certificate, and then click advanced certificate request. Figure 3 Certificate Request 3. Click Submit a certificate request by using base-64-encoded CMC or PKCS #10 file or submit a renewal request by using a base 64-encoded PKCS #7 file Figure 4 Advanced Certificate Request 4. In the Saved Request box, paste the certificate data that you copied earlier. From the Certificate Template drop-down menu, select Web Server, and then click Submit. An appropriate certificate is issued. Figure 5 Submit a Certificate Signing Request 9 Installing idrac Certificate Using RACADM Commands

5. To issue a Signed Certificate, click Base 64 encoded. 6. To download the Base-64 encoded format certificate, click Download Certificate. Figure 6 Signed Certificate Download Option 10 Installing idrac Certificate Using RACADM Commands

3 Uploading CA Certificate to idrac 1. The certificate issued by the Certificate Services has to be uploaded to idrac as a web server certificate for authenticating any client connection requests. To perform this operation run the following command. racadm sslcertupload t 1 f certnew.cer 2. To make sure that the certificate has been uploaded to idrac successfully, run the following command. racadm sslcertview -t 1 11 Installing idrac Certificate Using RACADM Commands

4 Installing idrac Certificate on Windows Systems If the Windows Management Station is already part of the same domain as certificate authority, then the whole setup process is complete. There will not be any certificate warning observed during the next Remote RACADM session. Else, if MS-Windows is not part of the same domain as certificate authority, then complete the following tasks: 1. On the Welcome page, click Download a CA certificate chain or CRL. Figure 7 Welcome Page 2. On the Download a CA Certificate, Certificate Chain, or CRL page, click Down CA Certificate. Figure 8 Download CA certificate 3. Install the certificate on the Windows management station. For more information about installing a certificate, see http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signedcertificate-as-a-trusted-root-ca-in-windows-vista.aspx 4. To point to a DNS server of the domain of the Root CA, configure the DNS settings for name resolutions in the networking, 5. To run Remote RACADM command, at the command line interface, use the idrac FQDN as a remote endpoint while running any remote RACADM command. racadm r idrac-ssl-certificate.xyz.com u admin p passwd getsysinfo 12 Installing idrac Certificate Using RACADM Commands

5 Installing idrac Certificate on Linux Systems 1. Convert the certificate in DER format to PEM format (using openssl command line tool): openssl x509 -inform pem -in [yourdownloadedderformatcert.crt] outform pem - out [outcertfileinpemformat.pem] text 2. Find the location of the default CA certificate bundle on the management station. For example, for RHEL5 64-bit, it is /etc/pki/tls/cert.pem. 3. Append the PEM formatted CA certificate to the management station CA certificate. For example, run the cat command: - cat testcacert.pem >> cert.pem 4. To point to a DNS server of the domain of the Root CA, configure the DNS settings for name resolutions in the networking, 5. To run Remote RACADM command, at the command line interface, use the idrac FQDN as a remote endpoint while running any remote RACADM command. racadm r idrac-ssl-certificate.xyz.com u admin p passwd getsysinfo 13 Installing idrac Certificate Using RACADM Commands

Conclusion The sections covered in this document discusses about the generation and installation of idrac Certificate by using the RACADM commands. This helps to avoid certificate-related warnings observed while connecting to idrac using Remote RACADM or idrac GUI using a Web browser. For more information about generating and uploading a Server Certificate using idrac GUI, refer to the idrac User s Guide available at dell.com/support/manuals. 14 Installing idrac Certificate Using RACADM Commands

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information