Dell PowerEdge R830 Integrated Remote Access Controller 8 Version 2.70.70.70 U - Page 127
Enabling SSL on domain controller, Installing SSL certificate for each domain controller
![]() |
View all Dell PowerEdge R830 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 127 highlights
Enabling SSL on domain controller When iDRAC authenticates users with an Active Directory domain controller, it starts an SSL session with the domain controller. At this time, the domain controller must publish a certificate signed by the Certificate Authority (CA)-the root certificate of which is also uploaded into iDRAC. For iDRAC to authenticate to any domain controller-whether it is the root or the child domain controller-that domain controller must have an SSL-enabled certificate signed by the domain's CA. If you are using Microsoft Enterprise Root CA to automatically assign all your domain controllers to an SSL certificate, you must: 1. Install the SSL certificate on each domain controller. 2. Export the Domain Controller Root CA Certificate to iDRAC. 3. Import iDRAC Firmware SSL Certificate. Related tasks Installing SSL certificate for each domain controller Exporting domain controller root CA certificate to iDRAC Importing iDRAC firmware SSL certificate Installing SSL certificate for each domain controller To install the SSL certificate for each controller: 1. Click Start > Administrative Tools > Domain Security Policy. 2. Expand the Public Key Policies folder, right-click Automatic Certificate Request Settings and click Automatic Certificate Request. The Automatic Certificate Request Setup Wizard is displayed. 3. Click Next and select Domain Controller. 4. Click Next and click Finish. The SSL certificate is installed. Exporting domain controller root CA certificate to iDRAC NOTE: If your system is running Windows 2000 or if you are using standalone CA, the following steps may vary. To export the domain controller root CA certificate to iDRAC: 1. Locate the domain controller that is running the Microsoft Enterprise CA service. 2. Click Start > Run. 3. Enter mmc and click OK. 4. In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in. 5. In the Add/Remove Snap-In window, click Add. 6. In the Standalone Snap-In window, select Certificates and click Add. 7. Select Computer and click Next. 8. Select Local Computer, click Finish, and click OK. 9. In the Console 1 window, go to Certificates Personal Certificates folder. 10. Locate and right-click the root CA certificate, select All Tasks, and click Export.... 11. In the Certificate Export Wizard, click Next, and select No do not export the private key. 12. Click Next and select Base-64 encoded X.509 (.cer) as the format. 13. Click Next and save the certificate to a directory on your system. 14. Upload the certificate you saved in step 13 to iDRAC. Importing iDRAC firmware SSL certificate iDRAC SSL certificate is the identical certificate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-signed certificate. If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server certificate to the Active Directory Domain controller. This additional step is not required if the Active Directory does not perform a client authentication during an SSL session's initialization phase. NOTE: If your system is running Windows 2000, the following steps may vary. Configuring user accounts and privileges 127
![](/manual_guide/products/dell-poweredge-c6320p-integrated-remote-access-controller-8-version-2707070-users-guide-f520c3e/127.png)