Requirement

Environment

  • iDRAC settings (especially network related) have already been configured
  • Internal CA already configured
  • Internal CA certificate has already been installed on end-point machines
  • Latest iDRAC version is installed
  • DNS is working as intended

Certificate Template

  1. On the Certificate Authority (CA) server, open the Certification Authority application
  2. Right click on Certification Authority (Local) > “Your CA” > Certificate Templates and choose Manage
  3. Find the Web Server template, which is the one used here, or define your own custom template

Certification

Generate Certificate Signing Request (CSR)

  1. Log in to iDRAC from the web interface
  2. Go to iDRAC Settings > Network > SSL
    (On iDRAC 9, Network is named Connectivity)
  3. We do not need to upload a Custom SSL Certificate Signing Certificate
  4. Choose Generate CSR
  5. Fill in the Common name with the FQDN of the iDRAC, and fill in the other fields appropriately
  6. Fill in Subject Alternative Name with the short name and IP address. The delimiter is a comma (,); do not put a space after the delimiter
  7. When we click on Generate, a CSR file will be downloaded.
    Copy this file over to the next section

Sign CSR on CertSrv

  1. Open <certauth.fqdn.com>/certsrv from your web browser
  2. Click on Request a certificate
  3. Choose advanced certificate request
  4. Open csr.txt and copy its content into the Saved Request form
  5. Choose Web Server template
  6. Fill in additional attributes: san:dns=myserver.mydomain.com[&dns=dns.name]
  7. Submit
  8. Choose Base 64 encoded and click on Download certificate

Sign CSR on CA

  1. Remote PowerShell into the CA; or
    Remote desktop to the CA and open an elevated CMD
  2. Run the command at the bottom of this section (using csr.txt from the section above)
  3. A list of CAs will be shown; choose the appropriate CA
  4. Choose a location to save the generated file.
    Copy this file over to the next section

certreq -submit -attrib "CertificateTemplate: WebServer" csr.txt

Upload signed certificate

  1. Go back to the iDRAC web interface
  2. Go to iDRAC Settings > Network > SSL
    (On iDRAC 9, Network is named Connectivity)
  3. Choose Upload Server Certificate
  4. Pick the file from the previous section, and Reset iDRAC
  5. Wait until iDRAC has been reset, then check that the new SSL certificate has been applied
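
One way to do the check in the last step from PowerShell, as an added example that is not part of the original page or any Dell/Microsoft tooling. It reads the certificate the iDRAC presents after the reset and reports whether it still looks self-signed, whether it chains to a CA this machine trusts, and whether the SAN contains the FQDN, short name and IP address. The host name, short name and IP address are placeholders, and the SAN parsing assumes the Windows "Label=value" text format.

```powershell
# Added example; every name below is a placeholder (assumption), not from the page.
$IdracFqdn = 'idrac01.example.internal'              # FQDN used as the CSR Common name
$Expected  = @($IdracFqdn, 'idrac01', '192.0.2.10')  # FQDN, short name, IP address

# Accept whatever certificate is presented: this connection is used only to read
# the certificate for inspection, and no data is sent over it.
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$tcp = [System.Net.Sockets.TcpClient]::new($IdracFqdn, 443)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($IdracFqdn)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}

# Build the chain against this machine's trust store, which must already contain
# the internal CA certificate (see the Environment requirements).
$chain       = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chainOk     = $chain.Build($cert)
$chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

# Subject Alternative Name extension (OID 2.5.29.17). On Windows, Format() returns
# text such as "DNS Name=idrac01, IP Address=192.0.2.10"; keep only the values.
$sanExt    = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText   = if ($sanExt) { $sanExt.Format($false) } else { '' }
$sanValues = $sanText -split ',\s*' |
    ForEach-Object { ($_ -split '=', 2)[-1].Trim() } |
    Where-Object { $_ }
$missing   = $Expected | Where-Object { $sanValues -notcontains $_ }

[pscustomobject]@{
    Subject      = $cert.Subject
    Issuer       = $cert.Issuer
    NotAfter     = $cert.NotAfter
    SelfSigned   = ($cert.Subject -eq $cert.Issuer)  # True: old default cert still served
    ChainTrusted = $chainOk
    ChainStatus  = $chainStatus                      # empty when the chain is clean
    SanEntries   = $sanValues -join ', '
    MissingNames = $missing -join ', '               # empty when all names are covered
} | Format-List
```

A good result shows SelfSigned as False, ChainTrusted as True, the internal CA as Issuer, and an empty MissingNames. Current browsers match the host name against the SAN entries rather than the Common name, so a name listed under MissingNames will still produce a certificate warning when the iDRAC is opened by that name.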
Last modified: 11 March 2024