https://community.hpe.com/t5/server-management-systems/ssl-communications-between-vca-and-vcrm/m-p/4704329#M42338 <!--!*#-->My current organization makes little distinction between securing passwords on the intranet and Internet and as a result, we limit SSL ciphers to those that offer high encryption on both internal and external servers.<BR /> <BR />In addition to ensuring that Windows was configured to only use high encryption ciphers, I recently made changes to the allowed cipher suites for SMH using smhconfig.exe. Specifically, I now have the following:<BR /><BR />SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+HIGH:-MEDIUM:-SSLv2:-EXP:-LOW:-eNULL<BR /><BR />I have also been working on the certificates to replace the self-signed certificates using the netbios computer name with certificates issued to the FQDN and signed by our local CA.<BR /> <BR />I can browse to the SMH on all my servers. SMH is using the correct certificate and at first everything seems to be in order. Unfortunately, when I try to connect to the VCRM from the VCA, the VCA is reporting:<BR /><BR />The specified repository <SERVER fqdn=""> is invalid or not reachable.<BR /><BR />I have tried accessing it from both the VCRM server and other servers and I have also tried the netbios name as well as just the IP address. The account we use to connect to the VCRM is in the local administrators group, so that is not the issue. In all cases, I can successfully connect to the VCRM from any server using the URL: https://<SERVER fqdn="">:2381/vcrepository. I have verified that the certificate I get when browsing to the URL is the same certificate in the trusted management servers certificates list.<BR /> <BR />So I am wondering, is the VCA is capable of using a high encryption cipher? <BR /></SERVER></SERVER> Mon, 25 Oct 2010 11:45:35 GMT Rob C. 2010-10-25T11:45:35Z https://community.hpe.com/t5/server-management-systems/ssl-communications-between-vca-and-vcrm/m-p/4704329#M42338 <!--!*#-->My current organization makes little distinction between securing passwords on the intranet and Internet and as a result, we limit SSL ciphers to those that offer high encryption on both internal and external servers.<BR /> <BR />In addition to ensuring that Windows was configured to only use high encryption ciphers, I recently made changes to the allowed cipher suites for SMH using smhconfig.exe. Specifically, I now have the following:<BR /><BR />SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+HIGH:-MEDIUM:-SSLv2:-EXP:-LOW:-eNULL<BR /><BR />I have also been working on the certificates to replace the self-signed certificates using the netbios computer name with certificates issued to the FQDN and signed by our local CA.<BR /> <BR />I can browse to the SMH on all my servers. SMH is using the correct certificate and at first everything seems to be in order. Unfortunately, when I try to connect to the VCRM from the VCA, the VCA is reporting:<BR /><BR />The specified repository <SERVER fqdn=""> is invalid or not reachable.<BR /><BR />I have tried accessing it from both the VCRM server and other servers and I have also tried the netbios name as well as just the IP address. The account we use to connect to the VCRM is in the local administrators group, so that is not the issue. In all cases, I can successfully connect to the VCRM from any server using the URL: https://<SERVER fqdn="">:2381/vcrepository. I have verified that the certificate I get when browsing to the URL is the same certificate in the trusted management servers certificates list.<BR /> <BR />So I am wondering, is the VCA is capable of using a high encryption cipher? <BR /></SERVER></SERVER> Mon, 25 Oct 2010 11:45:35 GMT https://community.hpe.com/t5/server-management-systems/ssl-communications-between-vca-and-vcrm/m-p/4704329#M42338 Rob C. 2010-10-25T11:45:35Z https://community.hpe.com/t5/server-management-systems/ssl-communications-between-vca-and-vcrm/m-p/4704330#M42339 Are you able to open all other available webapps in SMH, on your setup ?<BR /><BR />Thanks. Thu, 28 Oct 2010 07:03:02 GMT https://community.hpe.com/t5/server-management-systems/ssl-communications-between-vca-and-vcrm/m-p/4704330#M42339 pkrai 2010-10-28T07:03:02Z https://community.hpe.com/t5/server-management-systems/ssl-communications-between-vca-and-vcrm/m-p/4704331#M42340 pkrai - Yes. You also responded to a related posting on this: <A href="http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1452725&amp;admit=109447626+1288266351048+28353475." target="_blank">http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1452725&amp;admit=109447626+1288266351048+28353475.</A> Based on what I have been doing with the certificates, I am starting to think that I broke it. I am not sure that I'll be able to manage certificates for HP management software the way I want... Thu, 28 Oct 2010 10:54:05 GMT https://community.hpe.com/t5/server-management-systems/ssl-communications-between-vca-and-vcrm/m-p/4704331#M42340 Rob C. 2010-10-28T10:54:05Z