HPE Community
Server Management - Systems Insight Manager
1752786 Members
5948 Online
108789 Solutions
New Discussion юеВ

Re: How to disable SSL2 and use only SSL3 for HP System Management

 
pyc_1
Occasional Contributor

тАО10-07-2006 10:05 AM

тАО10-07-2006 10:05 AM

How to disable SSL2 and use only SSL3 for HP System Management

Installation of HP System Management Homepage on DL380 / Windows 2003 server causes a Qualys reports a multiple security vulnerability. A vulnerability reports are as follows :

- SSL Server Supports Weak Encryption
- SSL Server Uses Weak Encryption
- SSL Server Has SSLv2 Enabled
- SSL Certificate - Signature Verification Failed
- SSL Certificate - Self-Signed Certificate
- SSL Certificate - Subject Common Name Does Not Match Server FQDN

I would like to know on how to disable SSL2 and only enable SSL3 and how to solve a SSL certificate problem.

Thank you
0 Kudos
Reply
7 REPLIES 7
Rich Purvis
Honored Contributor

тАО10-07-2006 01:29 PM

тАО10-07-2006 01:29 PM

Re: How to disable SSL2 and use only SSL3 for HP System Management

If you look at this link: http://h18023.www1.hp.com/support/files/server/us/revision/8266.html

It is the revision history for thr HP System Management Homepage. If you scroll down you will see in the revision notes that starting with revision 2.1.4.143, that was released in January, default disabled SSLv2. You have the ability to enable it with a switch if you wish starting with that release, but it is not enabled unless you do that.

If you have that revision or later you should not have a problem. You will need to be specific as to what your certificate issue is.

You may want to look at this HPSIM security white paper: http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_5_Security.pdf

It discusses how to implement a strong security model, it may or may not satisfy your Quayls report as I don't know all of what it looks for. Good Luck,

-Rich
Why does my tivo keep recording Nickelodeon?
0 Kudos
Reply
pyc_1
Occasional Contributor

тАО10-08-2006 07:17 PM

тАО10-08-2006 07:17 PM

Re: How to disable SSL2 and use only SSL3 for HP System Management

Thank you for your guide. Now the SSL2 issues are fixed. However, the SSL certificate issues still exist.

I try to get a certificate from Windows 2003 Certificate however, it still report the Common Name does not match server FQDN.

Let say, the server FQDN is AV-MBX002.SG.INTERNAL.COM but the certificate subject name is AV-MBX002. How can I request a cert with a FQDN.
0 Kudos
Reply
SCARABEETLE
New Member

тАО03-19-2007 07:09 AM

тАО03-19-2007 07:09 AM

Re: How to disable SSL2 and use only SSL3 for HP System Management

Does anyone know if there is an HP tool for MASS deployment of a CA 3rd party certificate? We're seeing NESSUS security vulnerabiliities for pt :2381 and the HP Self-signed cert. Just need a way to deploy a common cert to all servers...easily 1000+..THX!
0 Kudos
Reply
David Claypool
Honored Contributor

тАО03-19-2007 12:38 PM

тАО03-19-2007 12:38 PM

Re: How to disable SSL2 and use only SSL3 for HP System Management

There is no mass deployment because there is no single certificate--you will have to have an individual certificate for each and every server. That's because the certificate contains the server's name.
0 Kudos
Reply
SCARABEETLE
New Member

тАО03-20-2007 12:37 AM

тАО03-20-2007 12:37 AM

Re: How to disable SSL2 and use only SSL3 for HP System Management

Thanks David for your quick reply:)
0 Kudos
Reply
Alexey Gromov
Occasional Advisor

тАО12-07-2010 03:29 AM

тАО12-07-2010 03:29 AM

Re: How to disable SSL2 and use only SSL3 for HP System Management

How do I request a certificate with FQDN instead of common name?
0 Kudos
Reply
BastianW
Advisor

тАО09-10-2012 05:22 AM

тАО09-10-2012 05:22 AM

Re: How to disable SSL2 and use only SSL3 for HP System Management

Have you tried the following HowTo:

 

http://www.admin-enclave.com/en/solutions/windows/47-replace-the-ssl-certificate-for-hp-system-management-homepage-with-a-ca-generated-one.html

 

This explains that you need to use the alternative name for the FQND.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.