We might experience the following error code “no trusted certificate found” while opening the iDRAC console via chrome browser using java.
In this case the issue might get fixed while we try to open iDRAC console via Internet Explorer and there are few cases were opening via internet explorer too might not work and in this situation the following below mentioned steps will help to resolve the issue
Solution:
Please follow the below steps to resolve the issue
- Note the iDRAC console URL from browser
- Go to Start menu or Windows Search bar and type Configure Java and open the application
- Configure Java will open Java Control panel were we could see different tabs like General, Update, Java, Security and Advanced panel
- Go to Security tab and click Edit site list and add the iDRAC console URL in the popup exception site list and click OK
- Now try to open iDRAC console and validate whether everything works fine.
If you face any issue in following the same or if you have any other tips, feel free to let us know via comments session below.
Dell iDRAC Web GUI Error – ERR_SSL_SERVER_CERT_BAD_FORMAT
Issue :-
iDRAC web GUI console unable to launch due to the SSL Certificate issue.
Error: —
doesn’t adhere to security standards.
ERR_SSL_SERVER_CERT_BAD_FORMAT
Reconfigure Self Signed Cert :–
1 ) ssh to iDRAC ip and supply iDRAC user and password ( default is user:root , pass : calvin ).
ssh -o «IdentitiesOnly yes » root@<drac ip>
Ex :-
[somasekhar.a@test ~]$ ssh -o «IdentitiesOnly yes» root@192.168.0.122
2) Run the below command.
/admin1-> racadm sslresetcfg
Certificate regenerated successfully and webserver restarted
Now try to relaunch iDRAC web GUI console. Still if its not working then have to soft reset iDRAC system. Run the below command
racadm racreset soft
Ex:-
/admin1-> racadm racreset soft
RAC reset operation initiated successfully. It may take up to a minute
for the RAC to come back online again.
Wait for 2/3 minutes then try to relaunch iDRAC web GUI console.
Popular posts from this blog
How to find outgoing IP in Linux ?
Here is a small snippet to find outgoing IP of your Linux box. 1. To find the outgoing internal IP only # ip route get 8.8.8.8 | head -1 | gawk ‘{ print $7 }’ 2. To find the outgoing internal IP along with interface. # ip route get 8.8.8.8 | head -1 | gawk ‘{ print $5,$7 }’ 3. In-case if your system is connected to Internet, to find the outgoing external IP # curl ifconfig.me Note: In case if your system having public IP assigned then there is no difference between outgoing internal IP and external IP (both are same).
How to resolve InitializeSandbox() called with multiple threads in process gpu-process. Error in Linux with Google Chrome ?
How to resolve InitializeSandbox() called with multiple threads in process gpu-process. Error in Linux with Google Chrome ? Hello Everyone, While launching google chrome browser, if you are getting below error in Linux, remove Google Chrome config directory from your home folder. ❯❯ ~ 18:03 google-chrome-stable [ 45359:45359:0125/180542.953317:ERROR:sandbox_linux.cc ( 378 ) ] InitializeSandbox ( ) called with multiple threads in process gpu-process. Note : Doing below command will delete your chrome data, hope you have enabled cloud sync. So remove config directory of google chrome from your home directory ❯❯ ~ 18:07 rm -rf ~/.config/google-chrome Then launch google chrome again Hope it helps. Thanks Raaz
Uploading files to FTP/SFTP using CURL
Hello, Today I am writing below article which can help you to upload files to SFTP/FTP by using CURL. Ok why we need that ? Let me tell explain!! How we login into SFTP/FTP ? [root@virt03 test]# sftp 192.168.56.110 Connecting to 192.168.56.110… root@192.168.56.110’s password: sftp> ls anaconda-ks.cfg nodes post-install post-install.log sftp> exit and uploading files with put command. Its a lengthy way. So recently I have gone through few articles and with some R&D I have modified it as script and command-line argument support.So you can call the script with filename as argument. So Lets do this!!! Command 1 : This is for uploading a single to SFTP/FTP by using CURL. SFTP curl -k -u virt03:virt03 -T file4 sftp://192.168.56.110/home/virt03/ Syntax : curl -k -u username:password -T filename sftp://IP_Addreess OR Hostname:/path/to/upload FTP curl -k -u virt03:virt03 -T f
FYI,
iDRAC 6.00.00 has been posted on Dell support site. This release supports importing custom certificates which contain wildcards. See example below of importing custom cert. For POST import, i pass in «CustomCertificate» value for cert type.
[root@SCPexport ca]# openssl req -new -sha256 -key key.pem -out csr.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Austin
Organization Name (eg, company) [Default Company Ltd]:Dell Technologies
Organizational Unit Name (eg, section) []:Server Test
Common Name (eg, your name or your server's hostname) []:**test@example.com**
Email Address []:tester@dell.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@SCPexport ca]# openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
[root@SCPexport ca]# openssl pkcs12 -export -out client-identity_pwd.p12 -inkey key.pem -in certificate.pem
Enter Export Password:
Verifying - Enter Export Password:
[root@SCPexport ca]# base64 client-identity_pwd.p12 > test_wildcard.pem
[root@SCPexport ca]# python3 ExportImportSSLCertificateREDFISH.py -ip 192.168.0.120 -u root -p calvin --get-cert-types
- Support cert type values for ExportSSLCertificate -
['CA', 'CSC', 'ClientTrustCertificate', 'Server']
- Support cert type values for ImportSSLCertificate -
['CA', 'CSC', 'ClientTrustCertificate', '**CustomCertificate**', 'Server']
[root@SCPexport ca]# python3 ExportImportSSLCertificateREDFISH.py -ip 192.168.0.120 -u root -p calvin --import --cert-type **CustomCertificate** --filename test_wildcard.pem
- PASS: POST command passed for ImportSSLCertificate method, status code 202 returned
- INFO, iDRAC reboot is needed to apply the new certificate if using version older than 6.00.00, pass in "y" to reboot iDRAC now or "n" to not reboot: n
[root@SCPexport ca]#
Если «что-то пошло не так» после установки сертификата SSL на Dell IPMI — iDRAC и вы потеряли доступ к веб консоли (у меня это было не корректное использование crypto key и поэтому ни один браузер не открывал стартовую страницу)
Хорошая статья по управлению SSL через WEB UI или SSH (racadm): http://en.community.dell.com/techcenter/systems-management/w/wiki/11443.idrac-web-server-certificate-management
racadm
racadm sslcertview -t 1
racadm sslresetcfg
racadm racreset soft
- Отмечено
- dell
- idrac
- ssl
Hi guys,
I have a client with SBS 2011 that’s using a basic self signed certificate (not using exchange, RWW, etc) and is basically running it as a domain controller/file server. The server is a Dell T320 with an iDRAC 7 express card. They’re running some new CC processing software that scans the network and so far the T320’s iDRAC card is being flagged for two reasons —
1. the open SSL vulnerability that Dell apparently says is not an issue: http://en.community.dell.com/cfs-file.ashx/__key/communityserver-discussions-components-files/177/23… Opens a new window
They supposedly will be pushing out a fix sometime in the first quarter of 2015 that will please software scanners (not throw a flag), but for now they say regardless of what the scan’s say, their hardware isn’t vulnerable.
2. iDRAC’s SSL cert is self signed and is only 1024 bits. Will the 2048 bit SBS cert I’m using on the network work for the iDRAC? This particular client likes to keep their costs low, and while we wanted to have the option to use the card, it’s not really being utilized right now. If we disable the web browser (only use racadm commands) will that allow the client to pass the scans?
Thanks!