Unsolved
1 Rookie
•
15 Posts
0
239
December 11th, 2024 10:31
iDRAC8 certificate not working
Hi,
We tried to update a signed certificate on a Dell R730xd with iDRAC8. It failed. The certificate, both private and chain, was uploaded successfully, but after the racreset the web server of the iDRAC8 is not reachable and gives the following error:
If we check the cert within the iDRAC (cmdline) it all looks fine:
/admin1-> racadm
racadm>>sslcertview -t 1
racadm sslcertview -t 1
Serial Number : A67659223EBD048FC0A00480670EAB04
Subject Information:
Country Code (CC) : NL
State (S) : Utrecht
Organization (O) : SURF B.V.
Common Name (CN) : console.con.argos.surf.nl
Issuer Information:
Country Code (CC) : GB
State (S) : Greater Manchester
Locality (L) : Salford
Organization (O) : Sectigo Limited
Common Name (CN) : Sectigo ECC Organization Validation Secure Server CA
Valid From : Aug 15 00:00:00 2024 GMT
Valid To : Aug 15 23:59:59 2025 GMT
We are running idrac version 2.86.86.86 (seems to be the latest and last..?)
DELL-Erman O
Moderator
•
2.8K Posts
0
December 11th, 2024 15:41
Hi,
You can try checking the iDRAC8 logs to see if there are any error messages related to the certificate or SSL/TLS configuration. Sometimes, a reboot can cause issues with iDRAC8 configurations, so try restarting the server and see if the problem persists.
Additionally, clear your browser's cache and cookies. It's possible that outdated cached information is causing the issue. Make sure to clear both the cache and cookies to ensure a fresh start.
If that doesn't work, try accessing the iDRAC web interface from a different browser. Some browsers might handle certificates and SSL/TLS configurations differently, so switching to a different browser might help resolve the issue.
Hope that helps!
linux-tg
1 Rookie
•
15 Posts
0
December 13th, 2024 07:11
Hi,
Unfortunately that is not the case. The same certificate does work on an iDRAC9. So I guess something in the signing of the cert is not recognized by the iDRAC8.
I think not many are using signed certificates in this way on an old iDRAC anymore as well, but maybe someone comes along.
DELL-Erman O
Moderator
•
2.8K Posts
0
December 13th, 2024 11:28
Hi,
Could you check the steps below, please?
linux-tg
1 Rookie
•
15 Posts
0
December 17th, 2024 10:13
Dear @DELL-Erman O,
If you had 1 or 2 hosts this could maybe be an option. But we have more, so in the past we always used wildcard certificates generated outside the drac.
I guess the ciphers that Sectigo uses and those available in the drac differ, so you are then not able to do this (anymore).
Maybe more important to mention: on Drac9 this works.
(edited)
DELL-Erman O
Moderator
•
2.8K Posts
0
December 17th, 2024 13:08
Hi,
Strangely, it works on the iDRAC9, but not the 8? That tells me that there's probably a difference in the cipher suite or SSL/TLS config between the two versions.
So, it might be easier to explore other options for cert gen and management, especially since you've already got a process going for wildcard certs. Maybe you could try a different CA or a different method that's compatible with the iDRAC8's cipher suite.
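The certificate in the first post was issued by "Sectigo ECC Organization Validation Secure Server CA", and the replies suspect a cipher-suite difference between iDRAC8 and iDRAC9. One way to check that from an admin workstation, as an added example that is not part of any post or of Dell's tooling: read the certificate's key algorithm, then see which authentication family the endpoint accepts in a TLS 1.2 handshake. It assumes `openssl` is installed; the function names, the self-signed sample certificates and the `example.test` hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a certificate's key type with what a TLS endpoint accepts.

# Public key algorithm of a PEM certificate, as printed by openssl
# (rsaEncryption for RSA keys, id-ecPublicKey for EC keys).
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# TLS 1.2 authentication family the endpoint must support to serve this certificate.
required_auth() {
    case "$(cert_key_alg "$1")" in
        rsaEncryption)  echo RSA ;;
        id-ecPublicKey) echo ECDSA ;;
        *)              echo unknown ;;
    esac
}

# Live check: does host:port complete a TLS 1.2 handshake when the client
# offers only suites of the given authentication family (RSA or ECDSA)?
probe_auth() {
    if openssl s_client -connect "$1" -tls1_2 -cipher "a$2" </dev/null >/dev/null 2>&1
    then echo "$2: handshake ok"; else echo "$2: handshake failed"; fi
}

# Constructed sample certificates (self-signed, throwaway) for an offline run.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rsa.example.test" \
        -keyout "$1/rsa.key" -out "$1/rsa.pem" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.key" 2>/dev/null
    openssl req -x509 -new -key "$1/ec.key" -days 1 -subj "/CN=ec.example.test" \
        -out "$1/ec.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in rsa.pem ec.pem; do
    echo "$f: key=$(cert_key_alg "$demo_dir/$f") needs=$(required_auth "$demo_dir/$f")"
done
rm -rf "$demo_dir"
# Against a real endpoint (hostname is a placeholder):
#   probe_auth idrac.example.test:443 RSA
#   probe_auth idrac.example.test:443 ECDSA
```

If `required_auth` reports a family for which `probe_auth` fails on one controller generation and succeeds on the other, the key type of the certificate is the difference to look at.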