HPE Community
BladeSystem - General
1753657 Members
5851 Online
108798 Solutions
New Discussion

SSL Certificates and Private Keys

 
chuckk281
Trusted Contributor

‎08-14-2014 02:10 PM

‎08-14-2014 02:10 PM

SSL Certificates and Private Keys

Mike had a login question around security:

 

************

 

Hi Experts,

 

I have a customer who has some questions about the Generate Key command in the OA CLI.  He would like to know if running the Generate Key command is required as part of replacing a SSL certificate.  Also, the customer will be replacing the SSL certificates in the OA with his own CA signed certificates.  Will the current 2048-bit-keys that the OA is currently using, would they be replaced by the matching private keys that come with his CA certificates? 

 

***********

 

Reply from Keshab:

 

**************

 

You do not have to generate new SSL and SSH keys to load certificates. Since the customer is trying to load a CA signed key, it appears he is trying to use Two Factor Authentication. In this case, just uploading the CA certificate to the OA will suffice. He has to install the user certificate in the client as well.

 

Uploading certificates do not replace the OA private keys. Generate key is used to reinitialize the OA private keys during a reset of its network settings or when the administrator feels that new keys should be generated because of the following reasons

-          Key strength needs to be increased

-          Message digest algo is deprecated e.g. SHA1 may become deprecated and SHA 256 is required

-          RSA keys regeneration to increase security

 

*************

 

Comments or questions?

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.