- Community Home
- >
- Networking
- >
- IMC
- >
- Re: IMC 7.3 E0605H05 - New SHA256 SSL-Certificate ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-26-2018 10:35 PM - edited тАО11-26-2018 10:43 PM
тАО11-26-2018 10:35 PM - edited тАО11-26-2018 10:43 PM
IMC 7.3 E0605H05 - New SHA256 SSL-Certificate not working with any browser
Hi Folks,
last week our ssl-certifticate from HP IMC (IMC 7.3 E0605H05 on GNU/Linux CentOS 7.5) was expired, so I've created and signed officially (German Telekom) a new certificate.
In the last years, I've handled this procedure, too, without any problems.
The steps I've done, were the following:
Generate private key:
# openssl genrsa -des3 -out imc-key.pem 2048
Generate a CSR:
# openssl req -batch -sha256 -new -key imc-key.pem -out imc-request.pem\
-subj '/C=DE/ST=My State/L=My City/O=My Organization/OU=My Unit/CN=host.domain.tld'
Bring the certificate to a compatible format for IMC/Java;
# openssl pkcs12 -inkey imc-key.pem -in cert-imc.pem -export -out imc-pfx.pfx
Import the certificate to IMC "newks" Java-Keystore:
# /opt/iMC/common/jre/bin/keytool -importkeystore -srckeystore discovery-pfx.pfx\ -destkeystore newks -srcstoretype pkcs12 -deststoretype JKS -storepass IMCV500R001 -v
Set alias to "imc":
# /opt/iMC/common/jre/bin/keytool -changealias -alias 1 -destalias imc -keystore newks -storepass iMCV500R001
All the steps are working and without any errors, finally, I've copied the news to /opt/iMC/client/security/newks.
Restarted the services and even the server, but when I try to connect to IMC, the browser says:
"Waiting for TLS-Handshake..." until timeout.
Doesn't matter, which browser I use.
Even edited the /opt/iMC/client/server.xml and followed the steps like mentioned here:
https://community.hpe.com/t5/IMC/Login-page-SSL-error-after-upgrade-to-iMC-PLAT-v7-3-E0605/td-p/7006967
I tried to import the whole certificate chain, only the server cert.
The cipher of the certificate is: SHA256 with AES
The SSL-section of the server-xml looks like this:
<!-- HTTPS Connector -->
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" clientAuth="false" compressableMimeType="text/html,text/xml,text/xhtml,text/css,text/javascript,text/plain" compression="on" compressionMinSize="2048" connectionTimeout="60000" disableUploadTimeout="true" enableLookups="false" keystoreFile="security/newks" keystorePass="iMCV500R001" maxHttpHeaderSize="8192" maxPostSize="5242880" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS"/>
Do you have an further ideas?
Thanks a lot in advance!
Best regards,
Matthias
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-29-2018 11:52 PM
тАО11-29-2018 11:52 PM
Re: IMC 7.3 E0605H05 - New SHA256 SSL-Certificate not working with any browser
Hi Matthias,
We may have to look into the IMC logs to know the reason for failure, can you share the IMC logs, or log a support case.
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-06-2018 01:47 AM - last edited on тАО12-06-2018 09:52 PM by Parvez_Admin
тАО12-06-2018 01:47 AM - last edited on тАО12-06-2018 09:52 PM by Parvez_Admin
Re: IMC 7.3 E0605H05 - New SHA256 SSL-Certificate not working with any browser
Hi @drk787,
thank you very much for your reply.
Which Logs do you need exactly?
In the /opt/iMC/client/log/ are plenty log files.
I tried to get the Tomcat Logs (I think iMC uses Apache Tomcat for Java?) to see a certificate/handshake error, but I cant't find them.
Yesterday we've updated successfully to iMC 7.3 E05P06, but the SSL certificate problem still exists.
Best regards,
Matthias
P.S.: At the moment we use a self-signed certifiate, this works:
# /opt/iMC/common/jre/bin/keytool -genkey -v -alias raikey -keystore newks -storepass iMCV500R001 -keypass iMCV500R001 -validity 365 -keysize 2048 -sigalg SHA256withRSA -keyalg RSA -dname "CN=host.domain.tld, OU=R&D, O=Organization, L=City, S=State, C=DE"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-20-2019 05:28 AM
тАО02-20-2019 05:28 AM
Re: IMC 7.3 E0605H05 - New SHA256 SSL-Certificate not working with any browser
Anybody got it working?
Seb