One of the things I'm working on at work right now is updating all our iDRACs after Meltdown/Spectre. We had never had SSL set up; we had just always clicked through the security warning. I got tired of this and decided to set up proper SSL from our enterprise CA.
At first I went to do a manual signing for a multi-year period with a wildcard issued from my enterprise CA, but I decided that automating it with PowerShell would be better, since it would be more dynamic and scale to more servers.
In this post, I will be talking about setting
- generating a Certificate Signing Request (CSR) from the iDRAC,
- signing it with an enterprise CA,
- uploading the signed cert to the iDRAC, and
- reloading the iDRAC to apply the new cert
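
The four steps above as one PowerShell function, with a check of the issued certificate before it is uploaded. This is an added example, not the script from this post: the function name, file paths, CA config string and the `WebServer` template name are assumptions, and it expects `racadm.exe` and `certreq.exe` on the PATH.

```powershell
# Added example (not the post's script). Hypothetical: function name, paths, template.
function Update-IdracCertificate {
    param(
        [Parameter(Mandatory)] [string] $IdracHost,       # FQDN the cert must match
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $CAConfig,        # "CAServer\CA Name"
        [string] $Template = 'WebServer',                 # assumed template name
        [string] $WorkDir  = $env:TEMP
    )
    $csr = Join-Path $WorkDir "$IdracHost.csr"
    $cer = Join-Path $WorkDir "$IdracHost.cer"
    # Note: the password is passed on the command line and is visible to local
    # process listings, so run this from a trusted admin host only.
    $auth = @('-r', $IdracHost, '-u', $Credential.UserName,
              '-p', $Credential.GetNetworkCredential().Password)

    # 1. Set the CSR common name, then generate and download the CSR.
    #    The private key is created on the iDRAC and never leaves it.
    racadm @auth set iDRAC.Security.CsrCommonName $IdracHost
    if ($LASTEXITCODE) { throw "Setting CSR common name failed on $IdracHost" }
    racadm @auth sslcsrgen -g -f $csr
    if ($LASTEXITCODE) { throw "CSR generation failed on $IdracHost" }

    # 2. Submit the CSR to the enterprise CA.
    certreq.exe -submit -config $CAConfig -attrib "CertificateTemplate:$Template" $csr $cer
    if ($LASTEXITCODE -or -not (Test-Path $cer)) { throw "CA did not issue a certificate" }

    # 3. Refuse to upload anything that does not chain to a trusted root on this
    #    machine or that was issued for a different name.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cer)
    if (-not $cert.Verify()) { throw "Issued certificate failed chain validation" }
    if ($cert.GetNameInfo('DnsName', $false) -ne $IdracHost) {
        throw "Certificate name '$($cert.GetNameInfo('DnsName', $false))' does not match $IdracHost"
    }

    # 4. Upload as the server certificate (-t 1), then reset the iDRAC to apply it.
    racadm @auth sslcertupload -t 1 -f $cer
    if ($LASTEXITCODE) { throw "Certificate upload failed on $IdracHost" }
    racadm @auth racreset
    if ($LASTEXITCODE) { throw "iDRAC reset failed on $IdracHost" }

    # Return what was installed so the caller can log it.
    [pscustomobject]@{ Host = $IdracHost; Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter }
}
```

The first run necessarily talks to the iDRAC while it still presents its untrusted certificate, so do that bootstrap over a management network you control.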