White Papers

35 Enable OpenManage Secure Enterprise Key Manager (SEKM) on Dell EMC PowerEdge Servers
5 Configure SEKM by using a Server Configuration Profile (SCP)
In this workflow example, the Server Configuration Profile (SCP) feature is used to set up the complete SEKM
solution for the iDRAC. Gemalto KeySecure is used as the Key Management Server.
1. Using SCP, import the signed SSL certificate, the Server CA, and the iDRAC KMS attributes.
2. Enable SEKM on the iDRAC.
For the signed SSL certificate, a CSR is already generated, signed on Gemalto, and then downloaded.
The Server CA is also downloaded from Gemalto.
3. In the SCP, copy the complete contents of the signed SSL certificate and Server CA as shown in the
example SCP file below.
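A pre-import review of an SCP file of the kind shown in section 5.1, as an added example (not code from the white paper or from Dell). It reads the SEKM-related attributes of the iDRAC.Embedded.1 component, reports problems, and returns a copy with KMS.1#iDRACPassword redacted for storage or review. The function name review_scp, the sample values, and the rule that KMS.1#iDRACUserName should equal SEKMCert.1#CommonName (the page's sample uses the same value for both) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a subset of the attribute names from the SCP file on this
# page, with placeholder values (192.0.2.10 is a documentation address).
SAMPLE_SCP = """<SystemConfiguration>
  <Component FQDD="iDRAC.Embedded.1">
    <Attribute Name="SEKM.1#SEKMStatus">Enabled</Attribute>
    <Attribute Name="KMS.1#PrimaryServerAddress">192.0.2.10</Attribute>
    <Attribute Name="KMS.1#KMIPPortNumber">5696</Attribute>
    <Attribute Name="KMS.1#iDRACUserName">idracuser-EXAMPLE</Attribute>
    <Attribute Name="KMS.1#iDRACPassword">constructed-secret</Attribute>
    <Attribute Name="SEKMCert.1#CommonName">idracuser-OTHER</Attribute>
  </Component>
</SystemConfiguration>"""

SECRET_ATTRS = {"KMS.1#iDRACPassword"}  # attributes that carry a credential


def review_scp(xml_text):
    """Return (findings, redacted_xml) for the iDRAC component of an SCP file."""
    root = ET.fromstring(xml_text)
    comp = root.find("./Component[@FQDD='iDRAC.Embedded.1']")
    if comp is None:
        return ["no iDRAC.Embedded.1 component"], xml_text
    attrs = {a.get("Name"): a for a in comp.findall("Attribute")}

    def value(name):
        return (attrs[name].text or "").strip() if name in attrs else ""

    findings = []
    if not value("KMS.1#PrimaryServerAddress"):
        findings.append("KMS.1#PrimaryServerAddress is empty")
    port = value("KMS.1#KMIPPortNumber")
    if not (port.isdigit() and 0 < int(port) < 65536):
        findings.append("KMS.1#KMIPPortNumber is not a valid TCP port")
    # Assumption of this example: the KMS user and certificate CN should agree.
    if value("KMS.1#iDRACUserName") != value("SEKMCert.1#CommonName"):
        findings.append("iDRACUserName differs from SEKMCert CommonName")
    for name in SECRET_ATTRS & attrs.keys():
        if value(name):
            findings.append(f"{name} is stored in clear text")
            attrs[name].text = "REDACTED"  # only in the copy we return
    return findings, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    issues, redacted = review_scp(SAMPLE_SCP)
    print("\n".join(issues))
    print(redacted)
```

The redacted text is the copy to attach to a ticket or keep in a repository; the unredacted file is the one that gets imported.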
5.1 An SCP file example for iDRAC SEKM configuration
This SCP file has been edited to show only the SEKM configuration changes required to enable
SEKM on the iDRAC.
<SystemConfiguration>
<Component FQDD="iDRAC.Embedded.1">
<Attribute Name="SEKM.1#IPAddressInCertificate">Disabled</Attribute>
<Attribute Name="SEKM.1#SEKMStatus">Enabled</Attribute>
<Attribute Name="SEKM.1#KeyAlgorithm">AES-256</Attribute>
<Attribute Name="SEKM.1#Rekey">False</Attribute>
<Attribute Name="KMS.1#PrimaryServerAddress">100.64.25.206</Attribute>
<Attribute Name="KMS.1#KMIPPortNumber">5696</Attribute>
<Attribute Name="KMS.1#RedundantServerAddress1"/>
<Attribute Name="KMS.1#RedundantServerAddress2"/>
<Attribute Name="KMS.1#RedundantServerAddress3"/>
<Attribute Name="KMS.1#RedundantServerAddress4"/>
<Attribute Name="KMS.1#RedundantServerAddress5"/>
<Attribute Name="KMS.1#RedundantServerAddress6"/>
<Attribute Name="KMS.1#RedundantServerAddress7"/>
<Attribute Name="KMS.1#RedundantServerAddress8"/>
<Attribute Name="KMS.1#Timeout">10</Attribute>
<Attribute Name="KMS.1#iDRACUserName">idracuserG1FWHQ2</Attribute>
<Attribute Name="KMS.1#iDRACPassword">P@ssw0rd</Attribute>
<Attribute Name="KMS.1#RedundantKMIPPortNumber">5696</Attribute>
<Attribute Name="SEKMCert.1#CommonName">idracuserG1FWHQ2</Attribute>
<Attribute Name="SEKMCert.1#OrganizationName">Dell EMC</Attribute>
<Attribute Name="SEKMCert.1#OrganizationUnit">Test</Attribute>
<Attribute Name="SEKMCert.1#LocalityName">Round Rock</Attribute>
<Attribute Name="SEKMCert.1#StateName">Texas</Attribute>
<Attribute Name="SEKMCert.1#CountryCode">US</Attribute>
<Attribute Name="SEKMCert.1#EmailAddress">tester@dell.com</Attribute>