SSL

A blank csr.txt fileA interesting quirk of an issue with this one; when generating a CSR to secure the iDRAC (version 8) interface on a Dell T430 server it appears that you can’t use an apostrophe in any of the fields else you are presented with a empty/blank csr.txt file (see right).

The work around is simple if a little annoying (especially when CSRs generated with other tools allow apostrophes) in that you remove the apostrophe from all of fields in the request. I’d imagine this is the same for other special characters as well.

A bit of an interesting one today; while provisioning a pair of shiny new Dell T430s I had obtained and uploaded a valid 3rd party signed SSL certificate to the iDRAC interface with a view to ensuring that whenever an administrator accessed the interface they didn’t get a invalid certificate warning.

However after uploading the certificate and restarting iDRAC I was presented with an error message in Internet Explorer starting that ‘The security certificate provided by this website is not secure’. In researching this it appeared that the site was either running a very old version of SSL or that the certificate had become ‘mangled’ in the server somehow. Either way Internet Explorer, Google Chrome and Firefox did not allow me to bypass this error message.

On way to resolve this issue was by accessing the server via SSH and running some commands (see screen shot sequence below for the details)…

One of my goals of this site is to raise the profile (even if just a little) of the issues that UK schools face throughout the year.

One such problem is how to deploy remotely accessible services (VPNs/Terminal Server/Citrix VDI/or the famous Home Access Plus+) in a secure but low cost manner. Obviously a key part of these services is security and for modern web security you need a SSL Security Certificate.

Most hosting companies will charge £40+ a year for even the most basic of SSL certificates (and personally I would put that into more RAM for a server!) but luckily JANET (the Joint Academic NETwork) offers any school, college or university completely free security certificates.

Schools have the extra hoop to jump through in the sense that they have to apply through their LEA/RBC; but, I know for one thing Oxfordshire County Council are doing well with this and we already have two certificates protecting both our web portal and VPN.

For more information visit the JANET Certificate Service web page.