dell / iDRAC-Redfish-Scripting

Python and PowerShell scripting for Dell EMC PowerEdge iDRAC REST API with DMTF Redfish
GNU General Public License v2.0

ldap import cert for ssl #190

Closed stranger12345678 closed 2 years ago

stranger12345678 commented 2 years ago

How do we import a CA SSL cert for secure LDAP? I see an attribute for certificate validation: <Attribute Name="ActiveDirectory.1#CertValidationEnable">Enabled</Attribute>

But I am unsure how to upload the Directory Service CA Certificate using SCP or any other API.

texroemer commented 2 years ago

Hi @stranger12345678

SCP does support importing certs but not signed CA certs. This support though will be coming in a future iDRAC release.

But you can import CA cert for directory service using "ExportImportSSLCertificateREDFISH.py" script. Please review the help text for details (see below in bold, option to import this cert type).

C:\Python39>ExportImportSSLCertificateREDFISH.py -h
usage: ExportImportSSLCertificateREDFISH.py [-h] -ip IP -u U -p P [-e E] [-i I] [-sct SCT] [-ct CT] [-scf SCF]

Python script using Redfish API with OEM extension to either export or import SSL certificate locally

positional arguments:
  script_examples  ExportImportSSLCertificateREDFISH.py -ip 192.168.0.120 -u root -p calvin -e y -sct 1", this example will export Web Server Certificate locally - "ExportImportSSLCertificateREDFISH.py -ip 192.168.0.120 -u root -p calvin -i y -ct 4 -scf ssl_cert.pem", this example will import client trust certificate

optional arguments:
  -h, --help  show this help message and exit
  -ip IP      iDRAC IP address
  -u U        iDRAC username
  -p P        iDRAC password
  -e E        Export SSL cert, pass in "y". Argument -sct is also required for export SSL cert
  -i I        Import SSL cert, pass in "y". Argument -ct and -scf is also required for import SSL cert
  -sct SCT    Pass in SSL cert type for export. Supported values are: 1 for "Server"(Web Server Certificate), 2 for "CSC"(Custom Signing Certificate), 3 for "CA"(CA certificate for Directory Service:), 4 for "ClientTrustCertificate"
  -ct CT      Pass in cert type for import. Supported values are: 1 for "Server"(Web Server Certificate), 2 for "CSC"(Custom Signing Certificate), 3 for "CA"(CA certificate for Directory Service), 4 for "ClientTrustCertificate"
  -scf SCF    Pass in the file name which contains the certificate to import. Cert file contents should start with open tag "-----BEGIN CERTIFICATE-----" and end tag "-----END CERTIFICATE-----"
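A pre-flight check for the file passed to -scf, plus the argument list for a `-ct 3` (directory service CA) import, as an added example that is not part of this thread or of the Dell repository. The function names, the one-certificate-per-file rule and the DER length check are assumptions of this example; the flags and type numbers are the ones in the help text above.

```python
import base64
import sys

# Import type numbers and names exactly as listed in the script's -ct help text.
CERT_TYPES = {1: "Server", 2: "CSC", 3: "CA", 4: "ClientTrustCertificate"}
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def check_pem(text):
    """Return the DER bytes if text is one well-framed certificate, else raise ValueError."""
    body = text.strip()
    if not (body.startswith(BEGIN) and body.endswith(END)):
        raise ValueError("file must start with the BEGIN tag and end with the END tag")
    # Assumption of this example: one certificate per file, not a chain bundle.
    if body.count(BEGIN) != 1 or body.count(END) != 1:
        raise ValueError("expected exactly one certificate in the file")
    b64 = "".join(body[len(BEGIN):-len(END)].split())
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"certificate body is not valid base64: {exc}")
    # A certificate is a DER SEQUENCE: tag 0x30, then a length covering the rest.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] & 0x80:  # long form: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    else:              # short form: the byte is the length itself
        length, header = der[1], 2
    if header + length != len(der):
        raise ValueError("DER length mismatch (truncated file or trailing bytes)")
    return der

def import_argv(ip, user, password, cert_type, cert_file):
    """Build the import command as a list, so no shell quoting is involved."""
    if cert_type not in CERT_TYPES:
        raise ValueError(f"unsupported -ct value: {cert_type}")
    return [sys.executable, "ExportImportSSLCertificateREDFISH.py", "-ip", ip,
            "-u", user, "-p", password, "-i", "y",
            "-ct", str(cert_type), "-scf", cert_file]

def sample_pem():
    """Constructed placeholder: a DER SEQUENCE around dummy bytes, not a real certificate."""
    payload = bytes(range(200))
    der = b"\x30\x81" + bytes([len(payload)]) + payload
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"
```

Run `check_pem()` on the contents of the CA file first, then pass the list from `import_argv(..., 3, ...)` to `subprocess.run`.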