Users Guide
If you are using Microsoft Enterprise Root CA to automatically assign all your domain controllers to an SSL certificate, you must:
1. Install the SSL certificate on each domain controller.
2. Export the Domain Controller Root CA Certificate to iDRAC.
3. Import iDRAC Firmware SSL Certificate.
Related links
Installing SSL certificate for each domain controller
Exporting domain controller root CA certificate to iDRAC
Importing iDRAC firmware SSL certificate
Installing SSL certificate for each domain controller
To install the SSL certificate for each controller:
1. Click Start → Administrative Tools → Domain Security Policy.
2. Expand the Public Key Policies folder, right-click Automatic Certificate Request Settings and click Automatic Certificate
Request.
The Automatic Certificate Request Setup Wizard is displayed.
3. Click Next and select Domain Controller.
4. Click Next and click Finish. The SSL certificate is installed.
Exporting domain controller root CA certificate to iDRAC
NOTE: If your system is running Windows 2000 or if you are using standalone CA, the following steps may vary.
To export the domain controller root CA certificate to iDRAC:
1. Locate the domain controller that is running the Microsoft Enterprise CA service.
2. Click Start → Run.
3. Enter mmc and click OK.
4. In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
5. In the Add/Remove Snap-In window, click Add.
6. In the Standalone Snap-In window, select Certificates and click Add.
7. Select Computer and click Next.
8. Select Local Computer, click Finish, and click OK.
9. In the Console 1 window, go to Certificates Personal Certificates folder.
10. Locate and right-click the root CA certificate, select All Tasks, and click Export....
11. In the Certificate Export Wizard, click Next, and select No do not export the private key.
12. Click Next and select Base-64 encoded X.509 (.cer) as the format.
13. Click Next and save the certificate to a directory on your system.
14. Upload the certificate you saved in step 13 to iDRAC.
Importing iDRAC firmware SSL certificate
iDRAC SSL certificate is the identical certificate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-
signed certificate.
If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC
Server certificate to the Active Directory Domain controller. This additional step is not required if the Active Directory does not
perform a client authentication during an SSL session’s initialization phase.
NOTE: If your system is running Windows 2000, the following steps may vary.
NOTE: If iDRAC firmware SSL certificate is CA-signed and the certificate of that CA is already in the domain controller's
Trusted Root Certificate Authority list, do not perform the steps in this section.
To import iDRAC firmware SSL certificate to all domain controller trusted certificate lists:
1. Download iDRAC SSL certificate using the following RACADM command:
124