- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Newbie : HP Systems Mangement Homepage SSL Heartbl...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-02-2014 07:56 AM - last edited on 05-12-2014 01:07 AM by RASHMI
05-02-2014 07:56 AM - last edited on 05-12-2014 01:07 AM by RASHMI
Hello All,
I am new to managing a Windows Server environment which is a mix of Windows Server 2003/2008 (32/64 bit) versions.
Recently, several hundred servers had been detected with the Heartbleed bug on port 2381 which I beleive is related to SMH. The SMH version was 7.2.2 which HP recommeds to upgrade to 7.2.3.
Because of the priority, I quickly upgraded these to 7.2.3 by installing the suggested .exe on HP site :
The above fixed the vulnerability and produced clean scans.
I now wish to regenerate the certificates and am completely lost on how I should do that. As per the doc above,
"If it is suspected that a datacenter has been compromised by this security vulnerability, delete the SMH certificate or back it up by moving it to a private folder. The SMH certificate is located on each node of the datacenter, with the filenames cert.pem and file.pem, in folder C:\hp\sslshare. A new certificate will be created when the SMH service starts (at the end of the upgrade or new installation)."
Does the above mean that if simply delete cert.pem and file.pem and restart the SMH service, the certificates will be re-genreated and the issue is solved?
Or When it says "(at the end of the upgrade or new installation)", does it mean that I have to reinstall 7.2.3?
(FYI, PKI is *not* being used in our environment.)
Please advise. Thanks.
Solved! Go to Solution.
- Tags:
- certificate
- OpenSSL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-02-2014 08:57 AM
05-02-2014 08:57 AM
Re: Newbie : HP Systems Mangement Homepage SSL Heartbleed bug; Cert regeneration
Yes - you are exactly right. You can also use the SMH GUI to generate a CSR, grab the file from that same directory and sign it with your CA and then replace the file cert.pem with your new cert (use the same name). Its a lot of work to provide custom certs for 100's of servers so I can see why nobody would want to do it and you are probably better off you doing the simpler method they provide (deleting the existing files and restarting the service).
Nelson
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-02-2014 09:05 AM
05-02-2014 09:05 AM
SolutionSorry, I just re-read you your post. Here is what I would do:
Install latest SMH. Do not install 7.3.2 on Windows 2003. This breaks SMH as Windows 2003 does not support the the versionof PHP included in the SMH 7.3 familiy. Use 7.2.3 for Windows 2003 and 7.3.2 for Windows 2008 and up. This fixes the Heartbleed bug in HP SMH software.
Install latest VCAgent if you are using it. You can use 7.3.2 version of the VCA for both Windows 2003 and 2008 and up servers. This fixes the Heartbleed bug in the HP VCA software.
If you are worried your existing certificates have been comprimised, delete the certs as you outlined in your post and restart the SHM agent service to have them regenerated. As you mentioned you are not using PKI you can ignore my earlier post regarding creating CSRs...and that is a lot of work anyways.
Hope this helps.
NK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2014 03:30 PM
05-11-2014 03:30 PM
Re: Newbie : HP Systems Mangement Homepage SSL Heartbleed bug; Cert regeneration
Hello Nelson,
Many thanks for your advice.
I followed the steps you mentioned and received about 80% successful fixes (upgrades).
However, on about 20% of the servers, the scan script still reports "probably vulnerable" for heartbleed
(a) c:\hp\hpsmh\bin\smhlogreader --version displays 7.2.3.1
(b) c:\hp\hpsmh\bin\ssleay32.dll and libeay32.dll show Product version as "1.0.1c"
(c) c:\smh_installer.log seems to indicate a successful upgrade. PFA.
(I have not updated the VCAgent for any as yet)
Please help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2014 07:59 AM
05-14-2014 07:59 AM