Beginning with the iDRAC6, it has been possible to create a certificate using a PKI and import it into the iDRAC. This gives more control over the certificate creation process and allows that process to be automated. The same process can also be used to create and import a wildcard certificate into the iDRAC. From a security standpoint, the use of a wildcard certificate is not a best practice; however, the process used to create any external certificate can also be used for a wildcard certificate.
In order to import the SSL certificate you will need a private key and a signed certificate for that key. Certificates can be provided by a third party or auto-generated. Here is a rudimentary example of the certificate creation process using OpenSSL in a Windows environment:
The installation will need to function as a Certificate Authority. This will allow us to issue, or sign, certificate requests. Here are those steps:
bin>openssl.exe genrsa -aes256 -out keys/ca.key 2048
bin>openssl.exe req -config openssl.conf -new -x509 -days 3650 -key keys/ca.key -out certs/ca.cer
Now that a private key and certificate are available to use for a Certificate Authority, we can create a private key and CSR for the iDRAC and then sign this request leveraging our Certificate Authority certificate.
For the iDRAC, we'll need to have a key and a signed certificate to import into the web services. We can leverage OpenSSL to achieve these goals.
bin>openssl.exe req -new -config openssl.conf -newkey rsa:2048 -nodes -keyout idrac_web.key -out requests/idrac_web.csr
bin>openssl.exe ca -policy policy_anything -config openssl.conf -cert certs/ca.cer -in requests/idrac_web.csr -keyfile keys/ca.key -days 365 -out certs/idrac_web.cer
With a private key and certificate pair, we can upload the key and certificate to the iDRAC. *Please note that for the following steps I copied the private key and the certificate to the root of the C drive for ease of access and to decrease the length of the commands.
racadm -r 10.14.177.107 -i sslkeyupload -t 1 -f C:\idrac_web.key
racadm -r 10.14.177.107 -i sslcertupload -t 1 -f c:\idrac_web.cer
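Before running the two racadm uploads, it is worth confirming that the key and the signed certificate actually belong together and that the certificate verifies against the CA certificate created earlier. The script below is an added example, not part of the original article; it assumes a POSIX shell with openssl on the PATH (for example Git Bash on Windows or a Linux admin host), and the function and script names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload sanity checks for an iDRAC key/certificate pair.
# Usage: sh check_idrac_pair.sh idrac_web.key idrac_web.cer ca.cer
# (script name is hypothetical; file names follow the commands on this page)

check_idrac_pair() {
    key=$1; crt=$2; ca=$3

    # 1. The key must be readable without a passphrase (the CSR command above
    #    used -nodes). "-passin pass:" stops openssl from prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL: cannot read $key as an unencrypted private key"; return 1; }

    # 2. The certificate must carry the same public key as the private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot parse certificate $crt"; return 1; }
    [ "$key_pub" = "$crt_pub" ] || {
        echo "FAIL: $crt was not issued for $key"; return 1; }

    # 3. The certificate must chain to the CA certificate that signed it.
    #    Match on the ": OK" output rather than the exit status alone.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' || {
        echo "FAIL: $crt does not verify against $ca"; return 1; }

    # 4. The certificate must not already be expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: $crt has expired"; return 1; }

    echo "OK: key and certificate match and verify against the CA"
}

# Run the checks only when three file arguments are supplied.
if [ "$#" -eq 3 ]; then
    check_idrac_pair "$@"
fi
```

A non-zero exit status means the pair should not be uploaded; the message names the check that failed.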