Installation Manual

ManualsBrandsDell ManualsComputers & AccessoriesHigh-End Dell PowerEdge R720 Server 2 x 2.60Ghz E5-2670 8C 192GB 8 x 2TB (Certified Refurbished)

121

122

123

124

125

126

127

128

129

130

Installing SSL Certificate For Each Domain Controller

To install the SSL certificate for each controller:

1. Click Start → Administrative Tools → Domain Security Policy .

2. Expand the Public Key Policies folder, right-click Automatic Certificate Request Settings and click Automatic

Certificate Request.

The Automatic Certificate Request Setup Wizard is displayed.

3. Click Next and select Domain Controller.

4. Click Next and click Finish. The SSL certificate is installed.

Exporting Domain Controller Root CA Certificate to iDRAC7

NOTE: If your system is running Windows 2000 or if you are using standalone CA, the following steps may vary.

To export the domain controller root CA certificate to iDRAC7:

1. Locate the domain controller that is running the Microsoft Enterprise CA service.

2. Click Start → Run.

3. Enter mmc and click OK.

4. In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.

5. In the Add/Remove Snap-In window, click Add.

6. In the Standalone Snap-In window, select Certificates and click Add.

7. Select Computer and click Next.

8. Select Local Computer, click Finish, and click OK.

9. In the Console 1 window, go to Certificates Personal Certificates folder.

10. Locate and right-click the root CA certificate, select All Tasks, and click Export....

11. In the Certificate Export Wizard, click Next, and select No do not export the private key.

12. Click Next and select Base-64 encoded X.509 (.cer) as the format.

13. Click Next and save the certificate to a directory on your system.

14. Upload the certificate you saved in step 13 to iDRAC7.

Importing iDRAC7 Firmware SSL Certificate

iDRAC7 SSL certificate is the identical certificate used for iDRAC7 Web server. All iDRAC7 controllers are shipped with a

default self-signed certificate.

If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to

upload iDRAC7 Server certificate to the Active Directory Domain controller. This additional step is not required if the

Active Directory does not perform a client authentication during an SSL session’s initialization phase.

NOTE: If your system is running Windows 2000, the following steps may vary.

NOTE: If iDRAC7 firmware SSL certificate is CA-signed and the certificate of that CA is already in the domain

controller's Trusted Root Certificate Authority list, do not perform the steps in this section.

To import iDRAC7 firmware SSL certificate to all domain controller trusted certificate lists:

1. Download iDRAC7 SSL certificate using the following RACADM command:

racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>

2. On the domain controller, open an MMC Console window and select Certificates → Trusted Root Certification

Authorities

128