Licensing and firmware update
SEKM is a licensed feature that requires the iDRAC Enterprise license as a prerequisite. An iDRAC firmware update is always required after the SEKM license is installed, whether or not the existing firmware version supports SEKM. To avoid an additional iDRAC firmware update, install the SEKM license first and then update the iDRAC firmware to a version that supports SEKM. The existing interface methods for installing a license and updating firmware can be used for SEKM.
Set up SSL certificate
The SEKM solution mandates two-way authentication between the iDRAC and the ESKM. For iDRAC authentication, generate a CSR on the iDRAC, have it signed by a CA on the ESKM, and upload the signed certificate to iDRAC. For ESKM authentication, the ESKM CA certificate must be uploaded to iDRAC.
Generate iDRAC CSR
Though most of the CSR properties are standard and self-explanatory, here are a few important guidelines:
If the “Username Field in Client Certificate” option on the ESKM is enabled, ensure that the iDRAC account username on the ESKM is entered in the CSR field (CN, OU, or ESKM User ID) that matches the value selected in the ESKM.
If the “Require Client Certificate to Contain Source IP” field is enabled on the KMS, then enable the “iDRAC IP Address in CSR” field during the CSR generation.
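A check to run on the downloaded CSR before it is submitted for signing, as an added example rather than Dell tooling: it confirms that the ESKM account username sits in the subject field selected on the ESKM and that the iDRAC IP address is present in the CSR. The function names, the username `sekm-user` and the address 192.0.2.10 are constructed for illustration; only CN and OU are covered, and the sample generator assumes OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/bin/sh
# Pre-signing checks for an iDRAC CSR (illustrative; function names are hypothetical).

# Print the value of one subject attribute (CN or OU) from a PEM CSR.
# Limitation: values containing escaped commas are not handled.
csr_subject_field() {  # usage: csr_subject_field <csr.pem> <CN|OU>
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' |
        sed -n "s/^$2=//p" | head -n 1
}

# Succeed only if the field selected on the ESKM holds the expected username.
check_username_field() {  # usage: check_username_field <csr.pem> <CN|OU> <username>
    [ "$(csr_subject_field "$1" "$2")" = "$3" ]
}

# Succeed only if the IP address appears as a whole token in the decoded CSR,
# wherever the CSR carries it (so 192.0.2.1 does not match 192.0.2.10).
check_csr_has_ip() {  # usage: check_csr_has_ip <csr.pem> <ip>
    openssl req -in "$1" -noout -text | grep -Fwq -- "$2"
}

# Constructed sample standing in for a CSR downloaded from iDRAC.
# Placing the IP in subjectAltName is an assumption made for this sample only.
make_sample_csr() {  # usage: make_sample_csr <out.pem>
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=idrac-node1/OU=sekm-user" \
        -addext "subjectAltName=IP:192.0.2.10" -out "$1" 2>/dev/null
}

# Example call, with OU selected as the username field on the ESKM:
#   check_username_field idrac.csr OU sekm-user && check_csr_has_ip idrac.csr 192.0.2.10
```

A failure of either check means the CSR should be regenerated on the iDRAC with the corrected field before it goes to the CA.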