Dieser Beitrag ist älter als 5 Jahre
1 Rookie
•
7 Nachrichten
0
2599
April 25th, 2019 00:00
iDRAC 8: Invalid certificate is uploaded
Hello,
we would like to replace the idrac certificate by an own certificate signed by our pki.
So I create a private key:
openssl genrsa -des3 -out idrac-private.key 2048
and a csr
prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C = MyCountry ST= MyState L = MyCity O = MyCompany OU = MyDepartment CN = idrac.mydomain.com [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = idrac.mydomain.com IP.1 = 10.11.12.13 openssl req -new -config /etc/ssl/zertifikat.conf -key idrac-private.key -out idrac.csr
Our PKI signed the certificate with SHA2.
Import key
racadm -r 10.11.12.13 -i sslkeyupload -t 1 -f C:\service\idrac-private.key SSL key successfully uploaded to the RAC
Import certificate
racadm -r 10.11.12.13 -i sslcertupload -t 1 -f C:\service\idrac.crt ERROR: An invalid certificate is uploaded
Whats the problem of the import and how can I import the Root-CA and the intermediate CAs?
BR
Christian
Keine Veranstaltungen gefunden!
christianmolecki
1 Rookie
•
7 Nachrichten
1
April 29th, 2019 05:00
Hello Stefan,
i got it.
The certification file (doesn't matter if cer or crt) must NOT end with an empty line.
correct:
wrong:
BR
Christian
DELL-Stefan R
Moderator
•
790 Nachrichten
0
April 29th, 2019 01:00
Hi Christian,
is this due to a wrong file type maybe?
I found this instruction on how to create and how to upload the certificate. The ending there is .cer instead of .crt - could this be the issue?
Dell PowerEdge: How to import an externally created custom certificate and private key into the iDRAC
Just an idea, maybe it helps.
Cheers
Stefan
DELL-Stefan R
Moderator
•
790 Nachrichten
0
April 29th, 2019 06:00
Hi Christian,
that's good news :)
Best solution is always the own one :D
Cheers for sharing!
Stefan