Installation Manual
Configuring the iDRAC6 Using the Web Interface 63
Secure Sockets Layer (SSL)
The iDRAC6 includes a Web server that is configured to use the
industry-standard SSL security protocol to transfer encrypted data over a network.
Built upon public-key and private-key encryption technology, SSL is a widely
accepted technology for providing authenticated and encrypted communication
between clients and servers to prevent eavesdropping across a network.
An SSL-enabled system can perform the following tasks:
• Authenticate itself to an SSL-enabled client
• Allow the client to authenticate itself to the server
• Allow both systems to establish an encrypted connection
The encryption process provides a high level of data protection. The iDRAC6
employs the 128-bit SSL encryption standard, the most secure form of
encryption generally available for Internet browsers in North America.
The iDRAC6 Web server has a Dell self-signed SSL digital certificate (Server
ID) by default. To ensure high security over the Internet, replace the Web
server SSL certificate with a certificate signed by a well-known certificate
authority. To initiate the process of obtaining a signed certificate, you can use
the iDRAC6 Web interface to generate a Certificate Signing Request (CSR)
with your company’s information. You can then submit the generated CSR to
a Certificate Authority (CA) such as VeriSign or Thawte.
Certificate Signing Request (CSR)
A CSR is a digital request to a CA for a secure server certificate. Secure server
certificates allow clients of the server to trust the identity of the server they
have connected to and to negotiate an encrypted session with the server.
A Certificate Authority is a business entity that is recognized in the
IT industry for meeting high standards of reliable screening, identification,
and other important security criteria. Examples of CAs include Thawte and
VeriSign. After the CA receives a CSR, they review and verify the information
the CSR contains. If the applicant meets the CA’s security standards,
the CA issues a digitally-signed certificate that uniquely identifies that
applicant for transactions over networks and on the Internet.
After the CA approves the CSR and sends the certificate, upload the
certificate to the iDRAC6 firmware. The CSR information stored on the
iDRAC6 firmware must match the information contained in the certificate.