About

Christoph Rüegg

Maintaining .NET open source projects for 15 years and counting. Enjoying functional programming, distributed algorithms and number crunching.

Math.NET

Math.NET is an opensource initiative to build and maintain toolkits covering fundamental mathematics, targeting advanced but also every day needs of .Net developers.

Contributions

FsBlog FsLab Docu Paket FAKE Mono

Software Engineering

Sonova Hearing Aid Fitting

Lokad Business Analytics

Microsoft SDC Zurich

ewl energie wasser luzern

Swiss Army Comm/GIS

NagraVision Kudelski Group

Subscribe

How to create 2048bit Certificate CSRs for Dell's iDRAC6

on Server Management

In case you happen to manage a recent DELL server with a dedicated iDRAC remote management card and you'd like to secure it by using your own certificate, you'll have to request a certificate based on a CSR request created directly in the iDRAC web interface.

Unfortunately these CSRs have only 1024 bit keys, which get refused by some public certificate authorities like StartCom (for security reasons they require at least 2048 bits). You can't choose the bit length in the iDRAC web interface, but luckily there is another way to make it generate 2048 or 4096 bit long keys for the CSR using racadm from Dell's System Management Tools:

View the current configuration (all on 1 line):

1: 
2: 

racadm.exe -r [iDRAC IP] -u [user] -p [password]
getconfig -g cfgRacSecurity

Change the key length to 2048 bits (all on 1 line):

1: 
2: 

racadm.exe -r [iDRAC IP] -u [user] -p [password]
config -g cfgRacSecurity -o cfgRacSecCsrKeySize 2048

(Migrated Comments)

Dan Orum, September 7, 2010

If you are using the Express version of the iDRAC card, you can't use the racadm.exe utility with an IP address remotely. Instead, you need to run the utility on the local server without specifying the -r parameter.

Christoph Ruegg, September 11, 2010

Indeed, thanks for the hint!