Viewing Server Certificate
Generating a New Certificate Signing Request
To ensure security, it is strongly recommended that you obtain and upload a secure server certificate to CMC. Secure
server certificates ensure the identity of a remote system and that information exchanged with the remote system
cannot be viewed or changed by others. Without a secure server certificate, CMC is vulnerable to access from
unauthorized users.
To obtain a secure server certificate for CMC, you must submit a Certificate Signing Request (CSR) to a certificate
authority of your choice. A CSR is a digital request for a signed, secure server certificate containing information about
your organization and a unique, identifying key.
After generating the CSR, you are prompted to save a copy to your management station or shared network, and the
unique information used to generate the CSR is stored on CMC. This information is used later to authenticate the server
certificate you receive from the certificate authority. After you receive the server certificate from the certificate
authority, you must then upload it to CMC.
NOTE: For CMC to accept the server certificate returned by the certificate authority, authentication information
contained in the new certificate must match the information that was stored on CMC when the CSR was
generated.
CAUTION: When a new CSR is generated, it overwrites any previous CSR on CMC. If a pending CSR is overwritten
before its server certificate is granted from a certificate authority, CMC does not accept the server certificate
because the information it uses to authenticate the certificate has been lost. Take caution when generating a CSR
to prevent overwriting any pending CSR.
Generating a New Certificate Signing Request Using Web Interface
To generate a CSR using the CMC Web interface:
1.
In the system tree, go to Chassis Overview, and then click Network
→
SSL. The SSL Main Menu is displayed.
2.
Select Generate a New Certificate Signing Request (CSR) and click Next. The Generate Certificate Signing Request
(CSR) page is displayed.
3.
Type a value for each CSR attribute value.
4.
Click Generate. A File Download dialog box appears.
5.
Save the csr.txt file to your management station or shared network. (You may also open the file at this time and
save it later.) You must later submit this file to a certificate authority.
Generating CSR Using RACADM
To generate a CSR, use the objects in
cfgRacSecurityData
group to specify the values and use the
sslcsrgen
command to generate the CSR. For more information, see the
RACADM Command Line Reference Guide for iDRAC7 and
CMC
available at dell.com/support/manuals.
Uploading Server Certificate
After generating a CSR, you can upload the signed SSL server certificate to the CMC firmware. CMC resets after the
certificate is uploaded. CMC accepts only X509, Base 64 encoded Web server certificates.
CAUTION: During the certificate upload process, CMC is not available.
Uploading Server Certificate Using CMC Web Interface
To upload a server certificate using the CMC Web interface:
77
Содержание Chassis Management Controller
Страница 1: ...Dell Chassis Management Controller Firmware Version 4 3 User s Guide ...
Страница 42: ...42 ...
Страница 56: ...56 ...
Страница 84: ...84 ...
Страница 98: ...98 ...
Страница 104: ...104 ...
Страница 130: ...130 ...
Страница 136: ...136 ...
Страница 200: ...200 ...
Страница 214: ...214 ...