Troubleshooting

Encryption
The SSL security protocol, which is built upon public key/private key encryption technology, has been
universally accepted on the World Wide Web for authenticated and encrypted communication
between clients and servers to prevent eavesdropping across the network. Running above TCP/IP
and below higher-level protocols such as HTTP, SSL allows an SSL-enabled server to
authenticate itself to an SSL-enabled client and the client to authenticate itself to the server. SSL
also allows both machines to establish an encrypted connection.
SSL Certificate Management
DRAC 5 ships with a default self-signed SSL certificate. DRAC 5 uses 1024-bit RSA with SHA-1.
Dell strongly recommends replacing the default certificate with your own SSL certificate to secure
the DRAC 5 since all DRAC 5 cards ship with the same SSL certificate and with the same SSL
private key.
The DRAC 5 server SSL certificate is used by the web server, Virtual Media server, and Console
Redirection server.
Administrators can replace the DRAC 5 server SSL certificate using the following steps:
1. Generate the CSR and the Private Key from a DRAC 5. 1024-bit, 2048-bit and 4096-bit RSA
   keys are supported.
   Dell strongly recommends setting the CSR CN (common name) to be the same as your DRAC 5
   RAC name to avoid a host name mismatch complaint from browsers during the SSL connection.
   A large certificate asymmetric key size (RSA key size) can affect DRAC 5 performance.
   Microsoft PKI best practices suggest using 1024-bit to secure your web server application.
2. Have the CSR signed by a trusted CA.
3. Upload the signed CSR (Certificate) to your DRAC 5.
Supported SSL Cipher Suites
DRAC 5 supports SSL version 3 and TLS version 1.0. The following are ciphers supported on
DRAC 5:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_MD5
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
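
The following is an added example, not part of the Dell document: it splits each suite name listed above into key exchange, bulk cipher and MAC, and grades the parts so an administrator can see which suites to disallow on management clients and proxies. The grading rules and the function names are assumptions of this example (general TLS guidance), and the parser also accepts DHE/ECDHE and GCM names that DRAC 5 does not list.

```python
import re

# Suite names copied from the DRAC 5 list above.
DRAC5_SUITES = [
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_MD5",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

# Name layout: <SSL|TLS>_<key exchange/auth>_WITH_<bulk cipher>_<MAC or PRF hash>
SUITE_RE = re.compile(
    r"^(?:SSL|TLS)_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<cipher>[A-Z0-9_]+)_(?P<mac>MD5|SHA|SHA256|SHA384)$"
)

def parse_suite(name):
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError("unrecognised suite name: " + name)
    return m.group("kx"), m.group("cipher"), m.group("mac")

def findings(name):
    """Return (severity, reason) pairs; the policy is this example's assumption."""
    kx, cipher, mac = parse_suite(name)
    out = []
    if cipher.startswith("RC4"):
        out.append(("reject", "RC4 is prohibited in TLS by RFC 7465"))
    if cipher.startswith("3DES"):
        out.append(("reject", "3DES has a 64-bit block size"))
    if mac == "MD5":
        out.append(("reject", "MD5-based MAC"))
    if not kx.startswith(("DHE_", "ECDHE_")):
        out.append(("legacy", "static " + kx + " key exchange, no forward secrecy"))
    if cipher.endswith("_CBC"):
        out.append(("legacy", "CBC mode with MAC-then-encrypt"))
    return out

def classify(name):
    severities = {sev for sev, _ in findings(name)}
    return "reject" if "reject" in severities else "legacy" if severities else "ok"

def least_bad(suites):
    """Suites a management client could still allow when no 'ok' suite exists."""
    return [s for s in suites if classify(s) != "reject"]

if __name__ == "__main__":
    for suite in DRAC5_SUITES:
        print(classify(suite), suite, "; ".join(r for _, r in findings(suite)))
```

Run against the list above, none of the six suites grades as "ok": every one uses static RSA key exchange, and only the two AES suites avoid a "reject" finding.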