12

I've got some servers with iDRAC7 Enterprise and I want to add my existing wildcard SSL certificate for my domain so that when I load the iDRAC webpage I get a valid certificate.

I've tried the "Upload Server Certificate" option but I can't seem to find the required format. If this was possible I would assume the format would be PEM or PKCS12, something that included the key as well as the certificate and allowed intermediate certificates as well, but I can't seem to figure it out.

The other option that comes to mind is that iDRAC7 just doesn't support using an existing certificate, and you have to generate a new one, using its built-in key, but that seems like a useless feature.

Edit: When I try to upload a PEM file that contains: key/cert/intermediate certs I get the following error: "RAC0508: An unexpected error occured. Wait for a few minutes and refresh the page. If the problem persists, contact service provider."

So, is it possible to upload an existing certificate to a server with iDRAC7, and if so how?

thelsdj

2 Answers

10

After giving up a few times I finally figured out how to upload an SSL certificate with the RACADM command:

```
racadm -r <ip of idrac> -u <username> -p <password> sslkeyupload -t 1 -f filename.key
racadm -r <ip of idrac> -u <username> -p <password> sslcertupload -t 1 -f filename.cer
```

After running the second command, the server rebooted, iDRAC web interface was down for a minute, but when it came back, it was using my custom SSL certificate.

This page should tell you how to obtain RACADM if you don't already have it.

If you run it (as an administrator account) on the server you are trying to modify, you can leave off the -r and IP parameters. This is important if you are using iDRAC Express which does not allow remote RACADM access.

NOTE: If you've changed the HTTPS port of your iDRAC interface, you will need to specify :, as RACADM appears to use the HTTPS port for remote access.

thelsdj
  • 2
    I would like to note that the second command restarts the iDRAC, not the server. –  Oct 11 '13 at 15:14
  • I'm using a wildcard cert from comodo and getting errors about the key and cert not being trusted by third party and the cert attempt results in, "An invalid certificate is uploaded". Do I need another format (rather than raw key and crt) or do I need to figure out how to upload the chain so the certs are recognized? – rainabba Nov 06 '14 at 20:10
  • It constantly works using simple certificate (not wildcard). Thanks, thelsdj. – Valera Leontyev Mar 04 '15 at 11:48
  • Wildcard certificates are supported at least on CMC v5. Format for the private key is PEM. Format for the certificate is PEM with the CA bundle (PEM) concatenated to the end of the issued cert. The CMC did not appear to restart so I manually issued a `cmcchangeover` for good measure. – zamnuts Dec 18 '15 at 11:43
  • 1
    In addition to the steps above, I had to use `racadm racreset` before the new served was getting served. – rainabba Nov 16 '16 at 19:00
  • The link now says "Sorry! The Dell TechCenter page you are looking for cannot be found." – Andrew Savinykh Oct 05 '18 at 05:07
  • You must upload a password-less ssl key or you will get "ERROR: An invalid certificate is uploaded." when you try to upload the ssl cert. – Mark Woon Oct 21 '19 at 19:06
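The answer and comments above name three things that make the upload fail or serve an incomplete chain: a passphrase-protected key, a key that does not belong to the certificate, and a certificate file without the CA bundle appended. The script below is an added example, not part of the original answer or of Dell's tooling, that checks these locally before `sslkeyupload` / `sslcertupload` are run. The function names and file arguments are this example's own, and the leaf-then-bundle layout is taken from the comment about CMC v5; that iDRAC7 accepts the same layout is an assumption.

```shell
#!/bin/sh
# Local pre-flight checks for the files passed to racadm sslkeyupload /
# sslcertupload. Added example: function names are hypothetical and nothing
# here contacts the iDRAC.

# 0 if the file is a PEM private key with no passphrase.
key_is_plain_pem() {
    # PKCS#8 encrypted keys use "BEGIN ENCRYPTED PRIVATE KEY" and fail here.
    grep -Eq -e '-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$1" || return 1
    # Traditional encrypted keys carry this header inside the PEM block.
    ! grep -q 'Proc-Type: 4,ENCRYPTED' "$1"
}

# Print the number of PEM certificates in a file.
cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# 0 if the private key and the first certificate in the file share a public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# build_chain leaf.pem ca-bundle.pem out.pem
# Issued certificate first, CA bundle appended, with a newline guaranteed
# between them so the PEM boundary lines never run together.
build_chain() {
    { cat "$1"; [ -z "$(tail -c 1 "$1")" ] || echo; cat "$2"; } > "$3"
}

# preflight key.pem leaf.pem ca-bundle.pem out.pem
preflight() {
    key_is_plain_pem "$1" ||
        { echo "key is passphrase-protected or not PEM" >&2; return 1; }
    [ "$(cert_count "$2")" -eq 1 ] ||
        { echo "leaf file must hold exactly one certificate" >&2; return 1; }
    key_matches_cert "$1" "$2" ||
        { echo "key does not match certificate" >&2; return 1; }
    build_chain "$2" "$3" "$4"
}

# Stand-alone use: sh preflight.sh key.pem leaf.pem ca-bundle.pem out.pem
# then upload key.pem with sslkeyupload and out.pem with sslcertupload.
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

Because the key has to be stored without a passphrase for the upload, keep the file readable only by the account running RACADM and delete the working copy afterwards.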
0

Try using this syntax if you get the error "The syntax of the specified command is not correct":

```
racadm -r <ip of idrac> -u <username> -p <password> sslcertupload -f filename.cer -t 1
```
Andrew Schulman