OMSA self signed certificate - CLI generation and assignment of the self-signed certificate?

Servers

Servers
Information and ideas on Dell PowerEdge rack, tower and blade server solutions.

OMSA self signed certificate - CLI generation and assignment of the self-signed certificate?

This question is not answered

So I scanned one of my boxes with Nessus & it returns the following:

  1. SSL Certificate Cannot Be Trusted
  2. SSL Self-Signed Certificate
  3. SL RC4 Cipher Suites Supported
  4. SSL Medium Strength Cipher Suites Supported
  5. SSL Weak Cipher Suites Supported
  6. SL Certificate Chain Contains RSA Keys Less Than 2048 bits

So I went to them OMSA page & changed the SSL Encryption level to 128 bit or higher & Signing to SHA512

I then generated a new self signed cert with 2048 bits & bounced the DSM SA Connection Service... still no joy on the RC4 cipher... that turns out to be:

Edit "C:\Dell\ServerAdministrator\apache-tomcat\conf\server.xml" & remove "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5" from the line:

<Connector SSLEnabled="true" address="*" ciphers="... 

Save & bounce the service... this all leaves me with SSL Certificate Cannot Be Trusted and SSL Self-Signed Certificate vulnerabilities which I will likely live with...

So what I need help with... is there a way to programatically generate & assign the self-signed certificate?

I need to do this to my entire fleet.

All Replies
  • So what I need help with... is there a way to programatically generate & assign the self-signed certificate?

    After researching, it appears that it has to be done manually through each server and the web interface only.  We looked and tested; it looks like the omconfig command interacts directly with the instrumentation and doesn't go through the web service. 

    Some one else in the community may have figured a way around this.

    Regards,

     

    Geoff P
    Dell | Social Outreach Services - Enterprise


    Download the Dell Quick Resource Locator app today to access PowerEdge support content on your mobile device!
    (iOS, Android, Windows)

  • DELL-Geoff P

    ...Some one else in the community may have figured a way around this.

     
    Kind of what I expected... I'll take a wait & see.