Importing iDRAC Firmware SSL Certificate
The iDRAC SSL certificate is the same certificate that the iDRAC Web server uses. All iDRAC controllers
ship with a default self-signed certificate.
If the Active Directory server is set to authenticate the client during the initialization phase of an SSL
session, you must upload the iDRAC server certificate to the Active Directory domain controller. This
additional step is not required if Active Directory does not perform client authentication during the
initialization phase of an SSL session.
NOTE: If your system is running Windows 2000, the following steps may vary.
NOTE: If the iDRAC firmware SSL certificate is CA-signed and the certificate of that CA is already in the
domain controller's Trusted Root Certification Authority list, do not perform the steps in this section.
To import the iDRAC firmware SSL certificate to all domain controller trusted certificate lists:
1. Download the iDRAC SSL certificate using the following RACADM command:
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2. On the domain controller, open an MMC Console window and select Certificates → Trusted Root
Certification Authorities.
3. Right-click Certificates, select All Tasks and click Import.
4. Click Next and browse to the SSL certificate file.
5. Install the iDRAC SSL certificate in each domain controller’s Trusted Root Certification Authority.
If you have installed your own certificate, make sure that the CA signing your certificate is in the
Trusted Root Certification Authority list. If the CA is not in the list, you must install it on all
your domain controllers.
6. Click Next and select whether you want Windows to automatically select the certificate store based
on the type of certificate, or browse to a store of your choice.
7. Click Finish and click OK. The iDRAC firmware SSL certificate is imported to all domain controller
trusted certificate lists.
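The same import, scripted for an elevated PowerShell session on each domain controller, as an added example that is not from the Dell guide: it compares the downloaded file's SHA-256 fingerprint with a value confirmed out-of-band, checks the validity period, and imports only a self-signed certificate that is not already in the store. The function name Import-IdracCertificate, the file path and the fingerprint placeholder are assumptions, as is saving the download with a .cer extension.

```powershell
# Added example, not Dell's code. Import-IdracCertificate is a hypothetical helper name.
function Import-IdracCertificate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,            # file written by racadm sslcertdownload
        [Parameter(Mandatory)] [string] $ExpectedSha256   # fingerprint confirmed out-of-band
    )

    $file = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # SHA-256 over the DER encoding, compared with the separately confirmed value.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $actual = -join ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') }) }
    finally { $sha.Dispose() }
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($actual -ne $expected) {
        throw "Fingerprint mismatch for ${file}: got $actual"
    }

    # Refuse a certificate that is outside its validity period.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
    }

    # Self-signed means subject equals issuer; for a CA-signed certificate the CA is what must be trusted.
    if ($cert.Subject -ne $cert.Issuer) {
        Write-Warning "Not self-signed. Make sure the issuing CA ($($cert.Issuer)) is in the list instead."
        return
    }

    # Skip the import when this exact certificate is already in the store.
    if (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)") {
        Write-Verbose "Already present: $($cert.Thumbprint)"
        return
    }

    if ($PSCmdlet.ShouldProcess('Cert:\LocalMachine\Root', "Import $($cert.Subject)")) {
        Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root
    }
}

# Constructed sample call: replace the path and the placeholder fingerprint.
# Import-IdracCertificate -Path C:\Temp\idrac.cer -ExpectedSha256 '<SHA-256 fingerprint>' -WhatIf
```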
Supported Active Directory Authentication Mechanisms
You can use Active Directory to define iDRAC user access using two methods:
• Standard schema solution, which uses Microsoft’s default Active Directory group objects only.
• Extended schema solution, which has customized Active Directory objects. All the access control
objects are maintained in Active Directory. It provides maximum flexibility to configure user access on
different iDRACs with varying privilege levels.
Standard Schema Active Directory Overview
As shown in the following figure, using standard schema for Active Directory integration requires
configuration on both Active Directory and iDRAC.