This post is more than 5 years old
4 Posts
0
4982
November 28th, 2016 21:00
OpenManage Switch Administrator with HTTPS SHA 256 CSR on N4032F, possible?
Hi,
we have a Dell Networking N4032F Switch with Dell OpenManage Switch Administrator Version 6.0.0.8.
Since SHA-1 is not supported by browsers in 2017, I would like to change the certificate to SHA-256 or higher on the switch.
What OMSA version do I need to generate a SHA-256 CSR? Or is there another way, like uploading key+certifacte from openssl?
Tobias
0 events found
No Events found!
DELL-Josh Cr
Moderator
•
9.6K Posts
•
42.1K Points
0
November 30th, 2016 08:00
It supports SHA 256. It does not look like 512 is added yet.
DELL-Josh Cr
Moderator
•
9.6K Posts
•
42.1K Points
0
December 1st, 2016 09:00
You would generate the certificate elsewhere and copy it to the switch through tftp Page 1963 http://downloads.dell.com/manuals/common/networking_nxxcli_en-us.pdf
blachetta
4 Posts
1
December 2nd, 2016 01:00
I wonder why the workflow is not described anywhere...
I got it working, generated Key+CSR with OpenSSL in RSA 2048Bit SHA-256.
The naming of the key on the switch is sslt_key1.pem and the cert is sslt_cert1.pem.
Copy these files to flash:// and they override the existing ones, reload the website and it's working.
Thanks for pointing me in the right direction. :)
blachetta
4 Posts
0
November 29th, 2016 21:00
I know that the FW is out of date. They act as storage switches for EMC, and I don't like to change a running system if it is not neccessary. :)
Can someone confirm that this has changed in the newest FW?
And how do I know which certificates are accepted by the switch, when I import one (SHA-1, 256, 512..)?
EDIT:
I looked through all the release notes and only found:
Added TLSv1.0 as HTTPS protocol by default and disabled SSLv2 and SSLv3 by default
Kernel updates and SSL version upgrade to 1.0.1.o
Version 6.2.6.6, A08
But no enhancement to which certificates are supported.
blachetta
4 Posts
0
November 30th, 2016 23:00
Thank you so far for the support! :)
I updated the first switch to 6.3.1.8, but when I generate a CSR, it is still SHA-1.
How do I generate a CSR with SHA-256?
If that is not possible, how do I get a key from openssl into the switch?
Tobias
lazrtap
3 Posts
0
July 5th, 2019 00:00
Thanks @blachetta for pointing me in the right direction.
I've made a tutorial on how to do that:
https://www.dell.com/community/Networking-General/Using-wildcard-certificate-on-dell-switches/m-p/7327837#M38209