
HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

 
edwardforgacs
Occasional Advisor


The latest firmware, version 2.12.6, released on 9 Apr 2024, appears to contain an expired Vertiv certificate, which triggers Java security warnings every time a connection is made.

Is this correct? HP released an update with a certificate which had already expired at the time of release?

Perhaps I'm the only one who actually looked into the reason for the security warning; others have given up and just ignore them because this device can potentially generate so many security warnings.

CN="Vertiv IT Systems, Inc.",
O="Vertiv IT Systems, Inc.",
L=Columbus,
ST=Ohio,
C=US

[From: Tue Mar 02 11:00:00 AEDT 2021,
To: Wed Mar 06 10:59:59 AEDT 2024]

Note the rest of the cert chain is unexpired, I am aware there was an older version with a cert which expired in 2021.

I believe the issue is the code signing certificate used to sign the Java binary, and this is not configurable in the web GUI, but I am happy to be corrected if there is a way for this to be resolved.

10 REPLIES
Suman_1978
HPE Pro

Re: HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

Hi,

If you see the release notes, there are some enhancements and unsupported JAVA and IE versions.

Thank You!
I work with HPE but opinions expressed here are mine.


I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]


edwardforgacs
Occasional Advisor

Re: HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

I fail to understand how "unsupported Java versions" (which I don't believe I'm using) would be related to a certificate which expired in March 2024?

There is mention in the release notes of a certificate expiring in 2021, not the one I am referring to.

Suman_1978
HPE Pro

Re: HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

Hi,

Is it possible for you to share the error message or screenshot of the error you are getting on the switch?

Thank You!

edwardforgacs
Occasional Advisor

Re: HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

See below:

HP KVM.png

Suman_1978
HPE Pro

Re: HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

Hi,

Are you using any Vertiv software for management of switches? If so, what is the name of that SW and its version? Do you think you need to contact them for certificate issues?

Thank You!

edwardforgacs
Occasional Advisor

Re: HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

No, we are not using any software from Vertiv and never have. The certificate comes from the built-in firmware in the HP IP Console Switch G2. It is an OEM Avocent (Vertiv) product sold by HP.

Suman_1978
HPE Pro

Re: HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

Hi,

In this scenario, I can only think of JAVA update or getting in touch with HPE Support to log a ticket.

Thank You!

Suvamay
HPE Pro

Re: HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

1 - Generate Request and PrivateKey

openssl req -newkey rsa:2048 -keyout serverprvkey.pem -nodes -sha1 -days 1095 -out server.req

2 - Generate certificate against CA

certreq -attrib "CertificateTemplate:WebServer"

3 - convert BEGIN PRIVATE KEY to BEGIN RSA PRIVATE KEY

openssl rsa -in serverprvkey.pem -out server2_newkey.pem

4 - copy paste rsa key to cert

5 - upload to kvm

I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
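
The steps in the post above as one script with pre-upload checks, added here as an example and not code from the post or from HPE. File names, the subject and the certificate-then-key order of the bundle are assumptions; step 2 (`certreq` against the CA) is replaced by a self-signed certificate so it runs offline, and `-sha256` is used where the post has `-sha1`.

```shell
#!/bin/sh
# Added example, not from the thread. File names and the subject are placeholders.

# Step 1: key + CSR. -sha256 replaces the post's -sha1; -days is dropped
# because openssl req ignores it unless -x509 is given.
make_csr() {  # $1=key out  $2=CSR out  $3=subject
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -keyout "$1" -out "$2" -subj "$3" 2>/dev/null
}

# Step 3: rewrite the key with the "BEGIN RSA PRIVATE KEY" (PKCS#1) header.
# OpenSSL 3.x needs -traditional for that; 1.x does it by default and
# rejects the flag, hence the fallback.
to_rsa_pem() {  # $1=key in  $2=key out
    openssl rsa -in "$1" -out "$2" -traditional 2>/dev/null ||
        openssl rsa -in "$1" -out "$2" 2>/dev/null || return 1
    head -n 1 "$2" | grep -q '^-----BEGIN RSA PRIVATE KEY-----$'
}

# Pre-upload check: the issued certificate must carry this key's public half.
key_matches_cert() {  # $1=key  $2=cert
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Step 4: certificate followed by RSA key in one PEM file (order assumed).
make_bundle() {  # $1=cert  $2=RSA key  $3=bundle out
    key_matches_cert "$2" "$1" || return 1
    ( umask 077; cat "$1" "$2" > "$3" )
}

# Constructed run. Step 2 (certreq against the CA) is replaced by a
# self-signed certificate so the script works offline.
demo() {
    d=$(mktemp -d) || return 1
    make_csr "$d/serverprvkey.pem" "$d/server.req" "/CN=kvm.example.test" &&
    openssl x509 -req -in "$d/server.req" -signkey "$d/serverprvkey.pem" \
        -days 1095 -out "$d/server.cer" 2>/dev/null &&
    to_rsa_pem "$d/serverprvkey.pem" "$d/server_newkey.pem" &&
    make_bundle "$d/server.cer" "$d/server_newkey.pem" "$d/kvm_upload.pem"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "bundle ready for upload"
```
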
edwardforgacs
Occasional Advisor

Re: HP IP Console Switch G2 - Vertiv Certificate Expired even with Latest 2.12.6 Firmware

Unfortunately there seems to be confusion about the certificate being discussed.

The certificate which is presented by the web console can be replaced by OpenSSL commands and the procedure described above.

The Vertiv certificate is the actual code signing certificate used to sign the Java binary which is built in, and I don't believe can be changed. The app which downloads when a remote connection is initiated (not through the web console but downloading a file to launch the KVM viewer app).