Users Guide
5. Click Back, click Finish, and then click Yes.
The details are saved.
Obtaining certificates
The following table lists the types of certificates based on the login type.
Table 12. Types of certificate based on login type
Login Type Certificate Type How to Obtain
Single Sign-on using Active Directory Trusted CA certificate Generate a CSR and get it signed from a
Certificate Authority
SHA-2 certificates are also supported.
Smart Card login as a local or Active
Directory user
• User certificate
• Trusted CA certificate
• User Certificate — Export the smart
card user certificate as Base64-
encoded file using the card
management software provided by
the smart card vendor.
• Trusted CA certificate — This
certificate is issued by a CA.
SHA-2 certificates are also supported.
Active Directory user login Trusted CA certificate This certificate is issued by a CA.
SHA-2 certificates are also supported.
Local User login SSL Certificate Generate a CSR and get it signed from a
trusted CA
NOTE: iDRAC ships with a default
self-signed SSL server certificate.
The iDRAC Web server, Virtual
Media, and Virtual Console use this
certificate.
SHA-2 certificates are also supported.
Related links
SSL server certificates
Generating a new certificate signing request
SSL server certificates
iDRAC includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over
a network. Built upon asymmetric encryption technology, SSL is widely accepted for providing authenticated and encrypted
communication between clients and servers to prevent eavesdropping across a network.
An SSL-enabled system can perform the following tasks:
• Authenticate itself to an SSL-enabled client
• Allow the two systems to establish an encrypted connection
The encryption process provides a high level of data protection. iDRAC employs the 128-bit SSL encryption standard, the most
secure form of encryption generally available for Internet browsers in North America.
iDRAC Web server has a Dell self-signed unique SSL digital certificate by default. You can replace the default SSL certificate with a
certificate signed by a well-known Certificate Authority (CA). A Certificate Authority is a business entity that is recognized in the
Information Technology industry for meeting high standards of reliable screening, identification, and other important security criteria.
Examples of CAs include Thawte and VeriSign. To initiate the process of obtaining a CA-signed certificate, use either iDRAC Web
interface or RACADM interface to generate a Certificate Signing Request (CSR) with your company’s information. Then, submit the
generated CSR to a CA such as VeriSign or Thawte. The CA can be a root CA or an intermediate CA. After you receive the CA-
signed SSL certificate, upload this to iDRAC.
90