Unsolved
This post is more than 5 years old
9 Posts
0
31824
OMSA self signed certificate - CLI generation and assignment of the self-signed certificate?
So I scanned one of my boxes with Nessus & it returns the following:
- SSL Certificate Cannot Be Trusted
- SSL Self-Signed Certificate
- SL RC4 Cipher Suites Supported
- SSL Medium Strength Cipher Suites Supported
- SSL Weak Cipher Suites Supported
- SL Certificate Chain Contains RSA Keys Less Than 2048 bits
So I went to them OMSA page & changed the SSL Encryption level to 128 bit or higher & Signing to SHA512
I then generated a new self signed cert with 2048 bits & bounced the DSM SA Connection Service... still no joy on the RC4 cipher... that turns out to be:
Edit "C:\Dell\ServerAdministrator\apache-tomcat\conf\server.xml" & remove "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5" from the line:
Save & bounce the service... this all leaves me with SSL Certificate Cannot Be Trusted and SSL Self-Signed Certificate vulnerabilities which I will likely live with...
So what I need help with... is there a way to programatically generate & assign the self-signed certificate?
I need to do this to my entire fleet.
LarryDNail
9 Posts
0
October 2nd, 2013 09:00
DELL-Geoff P
990 Posts
0
October 2nd, 2013 09:00
So what I need help with... is there a way to programatically generate & assign the self-signed certificate?
After researching, it appears that it has to be done manually through each server and the web interface only. We looked and tested; it looks like the omconfig command interacts directly with the instrumentation and doesn't go through the web service.
Some one else in the community may have figured a way around this.
Regards,