I was given a 4-node C6100 as a development/test environment for a project. As it turns out, recent versions of Firefox and IE no longer allow me to connect to web servers with less than 1024bit RSA encryption keys, and the embedded web server in the C6100 IPMI has a 512bit key.
Is there any way to regenerate the web certs using a larger RSA key size (e.g. via ipmitool from Linux) ?
The IPMI web u/i itself doesn't appear to allow configuring http(s) at all (an alternative for me would be to turn off https completely and just go in via cleartext http).
Thanks in advance for any ideas!
I'm not aware of a way to alter the key size above 512 bits. This is a limitation of the BMC, and I do not see anywhere that we changed this with a firmware update.
There are methods to override the 1024 bit minimum on the browsers. Here is a Microsoft KB article on how to enable weak encryption:
Daniel MysingerDell EMC, Enterprise EngineerGet support on Twitter @DellCaresPRO
Thanks for the reply ! A newer iteration of Firefox 34 once again permits me to proceed in spite of its dire warnings about weak security :) So, once I manage to fire up the .jnlp file via either Java 7 on Windows or IcedTea Web Start on linux (java-1.7.0 shipping with Fedora 20) I get an error opening the console app from Java itself.
On windows, I get "Access Error: Page not found / Could not create token for this session. Max session limit might have reached". On Fedora, the actual console app window opens, but there's a popup saying "Invalid Session token. Authentication failure". Clicking the "OK" button closes the JViewer app, and that's the end of it.
I remember getting the same "Invalid Session" error before, using an older version of Safari on OS X, so it's common across multiple platforms. Any idea what might be going on ? I also get this on all four IPMI cards for each of the four nodes.
somloI get an error opening the console app from Java itself.
Java has added a lot of security. I would suggest opening Java and changing the security settings. You may need to add the address to the exception site list as well.
On Linux I have to click on LOTS of "are you sure" and "run" buttons before the console app finally pops up. On windows (xp and 7, latest java 7 revision) I had to go into security and add the IPMI URL as "trusted" before I made it to the error I was quoting. The error I'm running into is *after* java has decided to allow the app to run... :(