Can a DRAC5 accept a self signed SSL certificate?
Jeff Larsen
jlar310 at gmail.com
Fri Apr 11 20:45:52 CDT 2008
On Fri, Apr 11, 2008 at 4:42 PM, W Sanders <wsanders1 at yahoo.com> wrote:
> I have an internal CA I have set up to allow users to accept one
> internal trusted cert and then all browsers certs will work when signed
> with that cert, and users won't be pestered with "Accept Cert?"
> messages.
>
> This procedure works fine with Apache but I have not been able to
> generate a certificate that the DRAC5 accepts, I get "Attempted to
> upload an invalid certificate" every time,
>
> My cert is generated with this command: openssl x509 -req -in csr.txt
> -out DRACcert.pem -md5 -extfile ./CAextfile -signkey private/cakey.pem
> -days 3650
>
> csr.txt is the CSR generated by the DRAC and my CA private key is
> "private/cakey.pem". The extfile contains the extensions
> basicConstraints=critical,CA:TRUE which are required by Apache, but the
> DRAC also rejects the cert if these extensions are omitted.
>
> So, Has anyone ever gotten the DRAC to accept a self-signed cert?
We use the built-in CA system in Windows Server 2003, so the procedure
is different. But I can assure you that the DRAC will accept a
self-signed cert as long as it is in the correct format. I know that
from the Windows CA, you must download the cert file as Base 64
encoded. Beyond that, I can't help with the openssl process. But it
should be doable.
And if you want to do your own certs for OMSA, the process is even less obvious.
--
Jeff
More information about the Linux-PowerEdge
mailing list