www.anthonygarmont.com

Applying SSL Certificates to iDRAC

11/12/2018

Applying a certificate to a Dell iDRAC controller when using an internal Enterprise CA (ADCS)

Applying internal SSL certificates to devices makes sure all of them can be opened easily and without warnings in all browsers. These directions have worked so far on all recent versions of iDRAC (7, 8, and 9). Note the gotcha in step 6 when using an internal CA.

  1. Log on to the Dell iDRAC Controller in question.
  2. Go to "iDRAC Settings"
  3. Then select "Network" in iDRAC 7 & 8 but "Connectivity" in iDRAC 9
  4. Click on "SSL"
  5. Now we need to generate the CSR (Certificate Signing Request) that we will supply when requesting the cert from our internal Certificate Authority. So click on "Generate CSR"
  6. A form will appear. Fill out the fields as you normally would, but pay special attention to the COMMON NAME:
    Common Name: idrac-[servicetag].ad-domain.com (for example, idrac-2g8eg42.ad-domain.com). NOTE: Make sure you include the AD FQDN in this field, or you won't be able to upload the cert you request (the upload will error out).
  7. Once you fill in the fields, click "Generate"
  8. You will get a prompt to save a txt file. Save it, call it something like "idrac-10.10.4.119_csr.txt", then open the file.
  9. Do a "Ctrl-A" and a "Ctrl-C" to copy the entire request text.
  10. Open the CA request website at:  https://yourCAhostname.yourdomain.com/certsrv/
  11. Click on: "Request a Certificate"
  12. Click on: "Advanced certificate request"
  13. Click on: "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."
  14. Paste the contents of the request you copied earlier from the txt file into the top field labeled: "Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):"
  15. Certificate Template should be "Web Server" (or the cert template you use internally for web servers)
  16. In the attributes field, we need to enter some text to add a "Subject Alternative Name" to the cert that includes the IP address. This is so we don't get a warning when we access the iDRAC by the IP address. So, for an iDRAC that has the IP address of 10.10.4.119, that text would be "san:ipaddress=10.10.4.119" (entered without the quotes).
  17. Once all the above is filled out, click the "Submit >" button.
  18. You will get a prompt that says something like "This web site is attempting to perform a digital certificate operation on your behalf..." it is OK to just say "Yes" to that prompt.
  19. The certificate should be issued immediately, and you should see a screen that will allow you to download your certificate.
  20. Switch the radio button to the "Base 64 encoded" format.
  21. Click on the "Download certificate" link.
  22. Save the certificate in a convenient spot with a .cer extension. (like [ipaddress].cer)
  23. Back in iDRAC, click on the "Upload Server Certificate" link to upload your new certificate.
  24. Choose the file you just created and say Ok or Apply (depending on the version of iDRAC).
  25. You may get prompted to Reset iDRAC - if so go ahead and accept that. If you don't get prompted, you will need to reset the iDRAC before your certificate settings will apply.
  26. Once the iDRAC is rebooted, you should reconnect and now your certificate will show as valid.

    NOTE: You MUST close the tab you have been working in for the new certificate to get loaded - simply refreshing the screen over and over might show the newly rebooted iDRAC, but it will NOT usually reload the new certificate. So close the tab and reload the iDRAC, and if at that point you still get a cert warning, you did something wrong. If not you are finished.
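
Steps 10-22 can also be run from a command line, and the issued certificate checked before it is uploaded in step 23. The following is an added example, not part of the original post: the CA name is a placeholder, "WebServer" is assumed to be the short name of the "Web Server" template, and Test-IdracCertificate is a hypothetical helper written for this example.

```powershell
# Added example. Sample values come from the post; the CA name is a placeholder.
$Csr      = '.\idrac-10.10.4.119_csr.txt'    # CSR saved in step 8
$Cer      = '.\10.10.4.119.cer'              # issued certificate (step 22)
$Cn       = 'idrac-2g8eg42.ad-domain.com'    # Common Name entered in step 6
$Ip       = '10.10.4.119'                    # iDRAC IP used in step 16
$CaConfig = 'yourCAhostname.yourdomain.com\<CA common name>'   # placeholder

# Steps 10-22 without the browser: same template and SAN attribute as the web form.
# 'WebServer' is an assumed template short name; use your own if it differs.
$attrib = "CertificateTemplate:WebServer\nSAN:ipaddress=$Ip"
certreq.exe -submit -config $CaConfig -attrib $attrib $Csr $Cer
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Hypothetical helper: confirm the issued cert carries the expected CN and IP SAN.
function Test-IdracCertificate {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$CommonName,
        [Parameter(Mandatory)][string]$IpAddress
    )
    $file = (Resolve-Path -LiteralPath $Path).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

    # Subject Alternative Name extension (OID 2.5.29.17), rendered as text.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($sanExt) { $sanExt.Format($true) } else { '' }
    # Match the exact address only (not a longer one that starts with it).
    $ipRegex = 'IP Address[=:]' + [regex]::Escape($IpAddress) + '(?![\d.])'

    $now = Get-Date
    [pscustomobject]@{
        Subject      = $cert.Subject
        CommonNameOk = $cert.GetNameInfo('SimpleName', $false) -eq $CommonName
        IpSanOk      = $sanText -match $ipRegex
        InValidity   = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        SanText      = $sanText.Trim()
    }
}

$result = Test-IdracCertificate -Path $Cer -CommonName $Cn -IpAddress $Ip
$result | Format-List
if (-not ($result.CommonNameOk -and $result.IpSanOk -and $result.InValidity)) {
    throw 'Certificate does not match the iDRAC name/IP; do not upload it.'
}
```

If the CA is not configured to accept SAN values from request attributes, the attribute from step 16 is ignored and IpSanOk comes back False even though a certificate was issued.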