1 Rookie
•
7 Posts
0
53
April 30th, 2025 17:35
RACADM sslcsrgen Command Throwing Errors
We have iDARC 7, 8, 9 on these firmware versions:
'2.65.65.65' {7} # R720, R820
'2.86.86.86' {8} # R630, R730
'7.00.00.181' {9} # R740
'7.20.10.50' {9} # R750, R760, R450
I am using this script to try to generate and download a CSR from a remote server. I have the latest version of the iDRAC tools installed on the VM where I am running these commands:
# Set variables
$Servers = "hostname"
$pwd = "idracpass"
$Date = Get-Date -f yyyy-MM-dd
$Dir = Split-Path -Path $Script:MyInvocation.MyCommand.Path -Parent
$File = "$Dir\createiDRACSSLCSR_$Date.txt"
# Start transcript
Start-Transcript -Append $File
foreach ($Server in $Servers) {
Write-Host $Server -ForegroundColor Magenta
$CN = "idrac-$(($Server).ToLower()).mydomain.com"
$CSRFile = $Dir + "\CSR\$CN" + ".csr"
# Test to make sure RACADM is installed on the local server (where you are running script)
$rac = & racadm getsysinfo
# Get iDRAC IP address
$IP = Resolve-DnsName "idrac-$Server" | Select -ExpandProperty IPAddress
if ($rac) {
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.NIC.DNSDomainName mydomain.com
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.NIC.DNSRegister Enabled
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.Security.CsrKeySize 2048
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.Security.CsrCommonName $CN
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.Security.CsrOrganizationName "My Company name"
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.Security.CsrOrganizationUnit "Information Technology"
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.Security.CsrLocalityName City
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.Security.CsrStateName State
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.Security.CsrCountryCode US
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.Security.CsrEmailAddr emailadd@mydomain.com
& racadm -r $IP -u root -p $pwd --nocertwarn set iDRAC.Security.CsrSubjectAltName $CN,$IP
& racadm -r $IP -u root -p $pwd --nocertwarn racreset soft
Start-Sleep -Seconds 60 # Give the reset a chance to complete.
& racadm -r $IP -u root -p $pwd --nocertwarn sslcsrgen –g –f $CSRFile
}
else {Write-Host "RACADM is not installed on the server where the script is running." -ForegroundColor Yellow}
#Remove-Variable -Name rac, IP, CSRFile, CN
}
# End transcript
Stop-Transcript
Everything works fine and I can manually generate the CSR from the webUI, but this line:
& racadm -r $IP -u root -p $pwd --nocertwarn sslcsrgen –g –f $CSRFile
& racadm -r $IP -u root -p $pwd --nocertwarn sslcsrgen –g –f $CSRFile
keeps throwing this error:
racadm : ERROR: RAC917 : The syntax of the specified command is not correct.
I have tried everything to get this command to work including:
1. Typing in the variables: & racadm -r "10.10.15.9" -u root -p "calvin" --nocertwarn sslcsrgen –g –f "e:\test.txt"
2. Using single, double and no quotes.
3. Running the command from a Powershell window: racadm -r "10.10.15.9" -u root -p "calvin" --nocertwarn sslcsrgen –g –f "e:\test.txt"
4. Generate only no download
and many other things, like doing a soft reset just prior to the generation and download of the CSR.
Does anyone have a working method or Powershell script which does this successfully?
Does anyone have a working method or Powershell script which does this successfully?
No Events found!
isd503
1 Rookie
•
7 Posts
0
May 5th, 2025 14:09
After further testing I found the sslcsrgen command does not run in Powershell. It will run in a command window. There is probably a way to run it in a command window from within Powershell but I did not want to spend more time on it. Recommend just separating this command into a separate .cmd file and run it outside Powershell:
racadm -r "10.10.15.9" -u root -p "calvin" --nocertwarn sslcsrgen –g –f "e:\test.txt"