White Papers
Configure the SEKM Solution by using iDRAC RACADM CLI
26 Enable OpenManage Secure Enterprise Key Manager (SEKM) on Dell EMC PowerEdge Servers
Dell Customer Communication - Confidential
C:\>racadm -r 100.65.99.179 -u root -p calvin --nocertwarn set idrac.sekmcert.OrganizationUnit
Test
[Key=idrac.Embedded.1#SEKMCert.1]
Object value modified successfully
C:\>racadm -r 100.65.99.179 -u root -p calvin --nocertwarn set idrac.sekmcert.StateName Texas
[Key=idrac.Embedded.1#SEKMCert.1]
Object value modified successfully
3.1 Generate a CSR
1. Get the CSR contents signed on the Gemalto server. See Get the CSR file signed on Gemalto.
2. Download the signed file, and then upload it back to iDRAC. Run the following command at the RACADM
CLI:
C:\>racadm -r 100.65.99.179 -u root -p calvin --nocertwarn sslcsrgen -g -t 3 -f sekm_csr
A CSR is successfully generated and downloaded.
3.2 Get the CSR file signed on the Gemalto GUI
-----BEGIN CERTIFICATE REQUEST-----
MIIC/jCCAeYCAQAwgY8xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczETMBEG
A1UEBwwKUm91bmQgUm9jazERMA8GA1UECgwIRGVsbCBFTUMxDTALBgNVBAsMBFRl
c3QxGTAXBgNVBAMMEGlkcmFjdXNlckcxRldIUTIxHjAcBgkqhkiG9w0BCQEWD3Rl
c3RlckBkZWxsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKnj
7mgS3hzKz5rw9Guh5pEe5hnSR7jgI+MSmUgi45UtnXXGkU6a81KXKKE/cRIX9TOL
JcBr4teq5kIF2dtXnAX6Eq+M18aVuz0EbRFeD1I70mgwjqMgmRhidnINI6Ya+lWV
i/OyLyeJ7l1SKnu4UpUGF1jcpYubDSpT11ZZ5bw3LotBk1rbLqlHpY1c9kGgnjae
LPXSqhw/kIc+EockUaN4kuWAVPXmr3xB5ptGugkKneP9ZY0boX4LL0CHMFAcqp0z
76vqTYAVn73oyinMW8p5hchyOThqWbXzocYPeX01k7c4zmb3/aNjXSTSGi/KR4Zg
5VWdVJ+m2ILLNyKC+9MCAwEAAaApMCcGCSqGSIb3DQEJDjEaMBgwCQYDVR0TBAIw
ADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggEBAD8K6LED0+uNioiBL7Na
V3t5LGma/I3sPYl4baDdOngNQ87NxOvv/qermZPiWn02Oc/Z1fkpvxw+bYYldH3+
ewe4Zntba5fkvKxIPcCRKxO/fUadtM928+pKlmIF784OsVaJiyAXFhcaB33Sdtc4
Kt3m2JQUuv+eKDxG+xvugSiwuEftZ2FJZsHUeUcl6aH1cTuBhpm5XiP/IUmvgF1A
EplLYX9uwLS7B16UomeRVtP1G2LwksFzaHVFDwGmzQY/AB2l6UP1CzpXxF02yA3y
kjw+SxEOs6JnYpT9yxJSCj2RmddB56ZYUUGD02DL7iALsbkQtfovLpjo9pPBD2lp
36A=
-----END CERTIFICATE REQUEST-----
1. On the Gemalto GUI, click Security Tab → Local CAs.
2. Click Sign Request.