The following are required:
- A Windows-based host with Dell's RACADM software installed (for uploading the private key and certificate to the iDRAC) Please see Dell's web site to download the latest version of the RACADM utility. As of the writing of this KB article in January 2015, the current versions of the RACADM utility for Windows are available at these links (not owned or controlled by Blue Coat):
The iDRAC must be running at least firmware version 22.214.171.124. Please contact Blue Coat support or Dell to obtain this version of the iDRAC firmware. The firmware can be upgraded remotely with the following RACADM command:
C:\Program Files\Dell\SysMgt\rac5>racadm.exe -r <idrac-ip-address-or-name> -u root -p <idrac-root-password> fwupdate -d <c:\path\to\firmimg.d7>
- A host with the OpenSSL suite installed, for the below instructions.
1. Generate 2048-bit, sha256 private key & csr:
openssl req -newkey rsa:2048 -sha256 -keyout fqdn.key -out fqdn.csr
2. Remove passphrase from private key (private keys with pass phrases are not supported by iDRAC)
openssl rsa -in fqdn.key -out fqdn.key
3. Optionally, view/check key and signing request
openssl rsa -in fqdn.key -check
openssl req -in fqdn.csr -text -noout
4. Use the certificate signing authority to generate and provide a certificate
iDRAC7 accepts only X509, Base 64 encoded Web server certificates.
5. Optionally, view/check certificate to make sure it's sha256/2048bit
openssl x509 -in fqdn.pem -text -noout
Then on Windows with RACADM:
6. Upload the private key to the iDRAC
racadm.exe -r my-idrac-ip -u root -p calvin sslkeyupload -t 1 -f fqdn.key
7. Upload the new certificate
racadm.exe -r my-idrac-ip -u root -p calvin sslcertupload -t 1 -f certificate.pem
8. Reboot the idrac
racadm.exe -r my-idrac-ip -u root -p calvin racreset
Wait 5 minutes for the reset to complete.