topic Re: System Management Homepage and SSL Certificates in ProLiant Servers (ML,DL,SL)

System Management Homepage and SSL Certificates

jfronius — Mon, 04 May 2020 12:15:39 GMT

Good day!

I'm looking into remediation of a vulnerability for self-signed certificates on our Systems Management Homepage.

I've found how to do the remediation manually, individually for a server, but I have about 3500 servers to remediate. I'm interested to see if HPE has a method of creating the CSR by script, and we can submit the requests to our CA.

Re: System Management Homepage and SSL Certificates

mattscratt — Mon, 04 May 2020 14:36:00 GMT

Facing the same challenge, do you mind posting your manual process and it might help out with the scripting question.

Re: System Management Homepage and SSL Certificates

jfronius — Mon, 04 May 2020 19:50:05 GMT

https://community.spiceworks.com/how_to/2899-replace-the-ssl-certificate-for-hp-system-management-homepage-with-a-ca-generated-one

You can follow the steps above. Generate the CSR, submit it to your CA, download the certificate. Replace it at C:\hp\sslshare\cert.pem. Stop/start the service and you're done.

Now I just need a way to generate, submit, and download 3500 CSRs!

Re: System Management Homepage and SSL Certificates

KishJ — Tue, 05 May 2020 09:46:43 GMT

Greetings,

I understand applying such steps on 3500 servers going to be a daunting task. I am sorry, I could not find any script in our knowledge base to automate such sequences.

You may think of doing something using scripts based on commands available in "How to setup your own Certificate Authority using OpenSSL" -https://internal.support.hpe.com/hpesc/public/docDisplay?docId=c00905526

Hope it helps, all the best.

Re: System Management Homepage and SSL Certificates

jfronius — Tue, 05 May 2020 11:30:47 GMT

Doesn't look like I can get into that page. Is that an internal HPE only site? I've tried signing in with my HPE support account at that site and no luck.

Re: System Management Homepage and SSL Certificates

jfronius — Tue, 05 May 2020 16:08:46 GMT

I've found some other resources on openssl. Looks like I can generate the CSR with openssl and submit it to my CA.

.\openssl.exe req -key c:\hp\sslshare\file.pem -new -out c:\hp\sslshare\server.csr -subj "/C=US/ST=State/L=City/O=Company/OU=IT/CN=servername"

Move-Item c:\hp\sslshare\cert.pem c:\hp\sslshare\cert.pem.old

.\certreq.exe -submit -config servername.company.com\servername -attrib "CertificateTemplate:WebServer" c:\hp\sslshare\server.csr c:\hp\sslshare\cert.pem

Stop/start the System Management Homepage service and it's replaced

Re: System Management Homepage and SSL Certificates

KishJ — Sun, 10 May 2020 10:17:35 GMT

Greetings,

Many thanks for sharing the steps that helped you.

I am sorry, not sure why the public document could not be accessed via the link.

Regards,