Users Guide
Authority is a business entity that is recognized in the Information Technology industry for meeting high
standards of reliable screening, identification, and other important security criteria. Examples of CAs
include Thawte and VeriSign. To initiate the process of obtaining a CA-signed certificate, use either
iDRAC Web interface or RACADM interface to generate a Certificate Signing Request (CSR) with your
company’s information. Then, submit the generated CSR to a CA such as VeriSign or Thawte. The CA can
be a root CA or an intermediate CA. After you receive the CA-signed SSL certificate, upload this to iDRAC.
For each iDRAC to be trusted by the management station, that iDRAC’s SSL certificate must be placed in
the management station’s certificate store. Once the SSL certificate is installed on the management
stations, supported browsers can access iDRAC without certificate warnings.
You can also upload a custom signing certificate to sign the SSL certificate, rather than relying on the
default signing certificate for this function. By importing one custom signing certificate into all
management stations, all the iDRACs using the custom signing certificate are trusted. If a custom signing
certificate is uploaded when a custom SSL certificate is already in-use, then the custom SSL certificate is
disabled and a one-time auto-generated SSL certificate, signed with the custom signing certificate, is
used. You can download the custom signing certificate (without the private key). You can also delete an
existing custom signing certificate. After deleting the custom signing certificate, iDRAC resets and auto-
generates a new self-signed SSL certificate. If a self-signed certificate is regenerated, then the trust must
be re-established between that iDRAC and the management workstation. Auto-generated SSL certificates
are self-signed and have an expiration date of seven years and one day and a start date of one day in the
past (for different time zone settings on management stations and the iDRAC).
The iDRAC Web server SSL certificate supports the asterisk character (*) as part of the left-most
component of the Common Name when generating a Certificate Signing Request (CSR). For example,
*.qa.com, or *.company.qa.com. This is called a wildcard certificate. If a wildcard CSR is generated
outside of iDRAC, you can have a signed single wildcard SSL certificate that you can upload for multiple
iDRACs and all the iDRACs are trusted by the supported browsers. While connecting to iDRAC Web
interface using a supported browser that supports a wildcard certificate, the iDRAC is trusted by the
browser. While launching viewers, the iDRACs are trusted by the viewer clients.
Related Links
Generating a New Certificate Signing Request
Uploading Server Certificate
Viewing Server Certificate
Uploading Custom Signing Certificate
Downloading Custom SSL Certificate Signing Certificate
Deleting Custom SSL Certificate Signing Certificate
Generating a New Certificate Signing Request
A CSR is a digital request to a Certificate Authority (CA) for a SSL server certificate. SSL server certificates
allow clients of the server to trust the identity of the server and to negotiate an encrypted session with
the server.
After the CA receives a CSR, they review and verify the information the CSR contains. If the applicant
meets the CA’s security standards, the CA issues a digitally-signed SSL server certificate that uniquely
identifies the applicant’s server when it establishes SSL connections with browsers running on
management stations.
99